[Snort-users] NFS file copy vs. snort ???
Michael D Schleif
mds at ...9577...
Mon Sep 6 13:39:04 EDT 2004
* Omar McKenzie <omckenzi at ...4479...> [2004:09:06:14:48:50-0400] scribed:
> Try writing a pass rule and/orBPF filter for the NFS traffic between the
> hosts. This will allow snort to ignore the NFS traffic.
> BPF filters are probably more efficient in your case.
I had tried some things with these, apparently misconfigured them, and
when they did not `work', I concluded that I did not know what I was
doing. That is when I solicited this list.
Now that you mention this, I re-visited it, and after several logic
gaffs with the BPF syntax, I now have working BPF filters. In fact,
these filters do exactly as I require, and nothing more.
Thank you, for your patience and your guidance.
Dare to fix things before they break . . .
Our capacity for understanding is inversely proportional to how much
we think we know. The more I know, the more I know I don't know . . .
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 189 bytes
Desc: Digital signature
More information about the Snort-users