[Snort-users] supress an IP address?

Bristol, Gary L. gbristol at ...10387...
Thu Oct 28 09:20:05 EDT 2004


How about suppressing, in the threshold.conf, a Class B, or one IP or
two with a CIDR of 32 or 31?

This works for me.

suppress gen_id 1, sig_id 365, track by_src, ip 129.15.0.0/16
suppress gen_id 1, sig_id 384, track by_src, ip 129.15.0.0/16
suppress gen_id 1, sig_id 402, track by_src, ip 129.15.0.0/16
suppress gen_id 1, sig_id 469, track by_src, ip 129.15.3.67/32
suppress gen_id 1, sig_id 1411, track by_src, ip 129.15.10.77/31
suppress gen_id 1, sig_id 1419, track by_dst, ip 129.15.3.27/32

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Larry
Wichman
Sent: Thursday, October 28, 2004 10:54 AM
To: Snorty S Snortman
Subject: [Snort-users] supress an IP address?

It does not look like you can do this in the
threshold.conf, but I would like to not see events
from a couple of IP addresses. Does anyone know of a
way to do this?

Cheers,
Larry
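
Added example, not part of either message above: a small Python checker that parses the six suppress entries from the reply and reports which events they would hide, which helps when auditing how much visibility a suppression removes. The function names are hypothetical, and standard CIDR masking of host bits (so 129.15.10.77/31 covers .76 and .77) is an assumption about how the address is interpreted.

```python
import ipaddress
import re

# The six entries from the reply, copied verbatim.
THRESHOLD_CONF = """\
suppress gen_id 1, sig_id 365, track by_src, ip 129.15.0.0/16
suppress gen_id 1, sig_id 384, track by_src, ip 129.15.0.0/16
suppress gen_id 1, sig_id 402, track by_src, ip 129.15.0.0/16
suppress gen_id 1, sig_id 469, track by_src, ip 129.15.3.67/32
suppress gen_id 1, sig_id 1411, track by_src, ip 129.15.10.77/31
suppress gen_id 1, sig_id 1419, track by_dst, ip 129.15.3.27/32
"""

# Matches only the form used in the post: gen_id, sig_id, track, ip.
RULE = re.compile(
    r"^suppress\s+gen_id\s+(\d+)\s*,\s*sig_id\s+(\d+)\s*,"
    r"\s*track\s+(by_src|by_dst)\s*,\s*ip\s+(\S+)$")

def parse_suppress(text):
    """Return a list of (gen_id, sig_id, track, network) tuples."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(line.split("#", 1)[0].strip())
        if not m:
            continue  # blank lines, comments, other directives
        gen, sig, track, ip = m.groups()
        # strict=False masks host bits (assumed standard CIDR handling).
        net = ipaddress.ip_network(ip, strict=False)
        rules.append((int(gen), int(sig), track, net))
    return rules

def is_suppressed(rules, gen, sig, src, dst):
    """True if an event with this generator, signature and endpoints is hidden."""
    for r_gen, r_sig, track, net in rules:
        if (r_gen, r_sig) != (gen, sig):
            continue
        tracked = src if track == "by_src" else dst
        if ipaddress.ip_address(tracked) in net:
            return True
    return False

def coverage(rules):
    """Map sig_id -> (first address, last address, address count) for review."""
    return {sig: (str(net[0]), str(net[-1]), net.num_addresses)
            for _, sig, _, net in rules}

if __name__ == "__main__":
    for sig, span in coverage(parse_suppress(THRESHOLD_CONF)).items():
        print(sig, span)
```

Running it prints the address span each entry covers, which makes the reach of the three /16 entries easy to compare with the single-host ones.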
