[Snort-users] NFS file copy vs. snort ???

Michael D Schleif mds at ...9577...
Mon Sep 6 13:39:04 EDT 2004


Omar =>

* Omar McKenzie <omckenzi at ...4479...> [2004:09:06:14:48:50-0400] scribed:
> Michael,
> Try writing a pass rule and/orBPF filter for the NFS traffic between the
> hosts.  This will allow snort to ignore the NFS traffic.
> 
> BPF filters are probably more efficient in your case.

Thank you.

I had tried some things with these, apparently misconfigured them, and
when they did not `work', I concluded that I did not know what I was
doing.  That is when I solicited this list.

Now that you mention this, I re-visited it, and after several logic
gaffs with the BPF syntax, I now have working BPF filters.  In fact,
these filters do exactly as I require, and nothing more.

Thank you, for your patience and your guidance.

HAND

-- 
Best Regards,

mds
-
Dare to fix things before they break . . .
-
Our capacity for understanding is inversely proportional to how much
we think we know.  The more I know, the more I know I don't know . . .
--
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20040906/f4b8f1b0/attachment.sig>


More information about the Snort-users mailing list