[Snort-users] suppression of multible events by CIDR

Michael Scheidell scheidell at ...5171...
Tue Aug 1 18:07:08 EDT 2006


 
> -----Original Message-----
> From: snort-users-bounces at lists.sourceforge.net 
> [mailto:snort-users-bounces at lists.sourceforge.net] On Behalf 
> Of Reece Mills
> Sent: Tuesday, August 01, 2006 5:05 PM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] suppression of multible events by CIDR
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Is there a way to suppress all alerting by CIDR using 
> wildcards in the gen_id and sig_id?
> 
> Like:
> 
> suppress gen_id *, sig_id *, track by_src, ip 34.25.1.0/24
Why?  Use bpf rules.

not net 34.25.1.0/24

-- 
Michael Scheidell, CTO
SECNAP Network Security
561-999-5000 x 1131
Take a vacation from spam: UP to 25% off of service
www.spammertrap.com/vacation





More information about the Snort-users mailing list