[Snort-users] snort exception

Endre Szekely-Bencedi Endre.Szekely-Bencedi at ...12701...
Tue Nov 23 07:55:03 EST 2004


Hi All,

My question is the following:
My default snort config includes alerts for certain SNMP packets.
Now, if I have an external (not on home_net) address that is collecting
data for MRTG from my router, what can I do so it won't appear in the
alerts?

If possible I wouldn't add the whole IP address to a 'trusted' list or
however it is done.. just to let snort know that it is legitly getting data
from the SNMP of the router. That is a corporate machine and I don't even
know where it is physically, so I do handle the corporate network as
potentially 'hostile', but there is a lot of legitimate traffic (too)
between our subnet and corporate network (all over the world).

Greetings,
Endre Szekely-Bencedi

"THIS E-MAIL MESSAGE ALONG WITH ANY ATTACHMENTS IS INTENDED ONLY FOR THE
ADDRESSEE and may contain confidential and privileged information. If the
reader of this message is not the intended recipient, you are notified that
any dissemination, distribution or copy of this communication is strictly
prohibited. If you have received this message by error, please notify us
immediately, return the original mail to the sender and delete the message
from your system."





More information about the Snort-users mailing list