[Snort-users] ignore a single host

Shnitko, Maxim {PBG} Maxim.Shnitko at ...12618...
Mon Nov 22 22:45:02 EST 2004

Open the signature  "SNMP request udp" save it as a new (local.rules) add
the new variable name with that host address, add this new variable as a
source address into the created signature and replace the "alert" with
"pass"... That is all.


-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of isp
Sent: Sunday, November 21, 2004 12:44 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] ignore a single host

Can't quit figure out how to ignore a single computer.

I have a computer which continuously gets following alert.  It is because it
is making lots of SNMP requests which is what it is suppose to do.  How do I
get snort to ignore a single host like this or just ignore this particular

thanks terry

[**] [1:1417:9] SNMP request udp [**]
[Classification: Attempted Information Leak] [Priority: 2]
11/21-03:37:59.626234 -> UDP TTL:64
TOS:0x0 ID:0 IpLen:20 DgmLen:118 DF
Len: 90 http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0013]

SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. 
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

More information about the Snort-users mailing list