[Snort-users] ignore a single host

Shnitko, Maxim {PBG} Maxim.Shnitko at ...12618...
Mon Nov 22 22:45:02 EST 2004


Open the signature  "SNMP request udp" save it as a new (local.rules) add
the new variable name with that host address, add this new variable as a
source address into the created signature and replace the "alert" with
"pass"... That is all.

Regards,
Maxim

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of isp
Sent: Sunday, November 21, 2004 12:44 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] ignore a single host


Can't quit figure out how to ignore a single computer.

I have a computer which continuously gets following alert.  It is because it
is making lots of SNMP requests which is what it is suppose to do.  How do I
get snort to ignore a single host like this or just ignore this particular
alert?

thanks terry


[**] [1:1417:9] SNMP request udp [**]
[Classification: Attempted Information Leak] [Priority: 2]
11/21-03:37:59.626234 12.170.222.13:53965 -> 12.170.222.148:161 UDP TTL:64
TOS:0x0 ID:0 IpLen:20 DgmLen:118 DF
Len: 90 http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0013]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0012
http://www.securityfocus.com/bid/4132]
http://www.securityfocus.com/bid/4089]
http://www.securityfocus.com/bid/4088]



-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. 
http://productguide.itmanagersjournal.com/
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




More information about the Snort-users mailing list