[Snort-users] supress an IP address?

Larry Wichman larrywichman at ...131...
Thu Oct 28 09:29:10 EDT 2004


I dont think I was clear enough...I do not want to see
any events from an IP address. 
--- "Bristol, Gary L." <gbristol at ...10387...> wrote:

> How about suppressing in the Threshold.conf a Class
> B or 1 ip or Two
> with a CIDR of 32 or 31.
> 
> This works for me.
> 
> suppress gen_id 1, sig_id 365, track by_src, ip
> 129.15.0.0/16
> suppress gen_id 1, sig_id 384, track by_src, ip
> 129.15.0.0/16
> suppress gen_id 1, sig_id 402, track by_src, ip
> 129.15.0.0/16
> suppress gen_id 1, sig_id 469, track by_src, ip
> 129.15.3.67/32
> suppress gen_id 1, sig_id 1411, track by_src, ip
> 129.15.10.77/31
> suppress gen_id 1, sig_id 1419, track by_dst, ip
> 129.15.3.27/32
> 
> -----Original Message-----
> From: snort-users-admin at lists.sourceforge.net
> [mailto:snort-users-admin at lists.sourceforge.net] On
> Behalf Of Larry
> Wichman
> Sent: Thursday, October 28, 2004 10:54 AM
> To: Snorty S Snortman
> Subject: [Snort-users] supress an IP address?
> 
> It does not look like you can do this in the
> threshold.conf, but I would like to not see events
> from a couple of IP addresses. Does anyone know of a
> way to do this?
> 
> Cheers,
> Larry
> 
> __________________________________________________
> Do You Yahoo!?
> Tired of spam?  Yahoo! Mail has the best spam
> protection around 
> http://mail.yahoo.com 
> 
> 
>
-------------------------------------------------------
> This Newsletter Sponsored by: Macrovision 
> For reliable Linux application installations, use
> the industry's leading
> setup authoring tool, InstallShield X. Learn more
> and evaluate 
> today.
>
http://clk.atdmt.com/MSI/go/ins0030000001msi/direct/01/
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or
> unsubscribe:
>
https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
>
http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 
> 
> 
>
-------------------------------------------------------
> This Newsletter Sponsored by: Macrovision
> For reliable Linux application installations, use
> the industry's leading
> setup authoring tool, InstallShield X. Learn more
> and evaluate
> today.
>
http://clk.atdmt.com/MSI/go/ins0030000001msi/direct/01/
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or
> unsubscribe:
>
https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
>
http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 


=====
Cheers,
Lawrence A. Wichman2719 W ThomasApt 2
Chicago
Il, 60622
773.807.7606








		
__________________________________
Do you Yahoo!?
Yahoo! Mail Address AutoComplete - You start. We finish.
http://promotions.yahoo.com/new_mail 




More information about the Snort-users mailing list