[Snort-users] Customizing snort rules

Edin Dizdarevic edin.dizdarevic at ...7509...
Tue Apr 6 03:28:08 EDT 2004


Hm,

if you take a look at those rules you may notice the data flow described 
by the rule is (except for the rules id 1415 and 1416) in this form:

EXTERNAL_NET -> HOME_NET (...)

There is no reason for snort to trigger otherwise as described. So you 
may want to check your configuration vars again.

Otherwise check the FAQ for the possibility how to blend out specific 
hosts from being seen by Snort or how to write special pass-Rules 
respectively.

Regards,
Edin

simonkc at ...11578... schrieb:

> Hi Edin,
> 
> I have properly defined the HOME_NET and EXTERNAL_NET variables??
> The rules that are getting triggered are SNMP rules.i.e. whenever our NMS
> management server polls some devices,the rule triggers.
> I want to be able to disable these triggers for some specific IP hosts. The
> SNMP rule should not be disabled and continue to look for SNMP traffic.
> 
> 
> Thanks and Regards   
> 
> Simon 
....

-- 
Edin Dizdarevic




More information about the Snort-users mailing list