[Snort-users] snort exception

Matt Kettler mkettler at ...4108...
Tue Nov 23 08:13:02 EST 2004


See yesterday's thread "ignore a single host"

At 10:55 AM 11/23/2004, Endre Szekely-Bencedi wrote:
>Hi All,
>
>My question is the following:
>My default snort config includes alerts for certain SNMP packets.
>Now, if I have an external (not on home_net) address that is collecting
>data for MRTG from my router, what can I do so it won't appear in the
>alerts?
>
>If possible I wouldn't add the whole IP address to a 'trusted' list or
>however it is done.. just to let snort know that it is legitly getting data
>from the SNMP of the router. That is a corporate machine and I don't even
>know where it is physically, so I do handle the corporate network as
>potentially 'hostile', but there is a lot of legitimate traffic (too)
>between our subnet and corporate network (all over the world).
>
>Greetings,
>Endre Szekely-Bencedi





More information about the Snort-users mailing list