[Snort-users] how to ignore false triggers on a single host

isp isp at ...12699...
Mon Nov 22 08:40:10 EST 2004


Can't quit figure out how to ignore a single computer.

I have a computer which continously gets following alert.  It is because it
is making lots of snmp requests which is what it is suppose to do.  How do i
get snort to ignore a single host like this or just ignore this particular
alert?

thanks terry


[**] [1:1417:9] SNMP request udp [**]
[Classification: Attempted Information Leak] [Priority: 2]
11/21-03:37:59.626234 12.170.222.13:53965 -> 12.170.222.148:161
UDP TTL:64 TOS:0x0 ID:0 IpLen:20 DgmLen:118 DF
Len: 90
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0013]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0012
http://www.securityfocus.com/bid/4132]
http://www.securityfocus.com/bid/4089]
http://www.securityfocus.com/bid/4088]





More information about the Snort-users mailing list