[Snort-users] [Emerging-Sigs] How to exclude one IP address from HOME_NET

Joel Esler jesler at ...1935...
Mon Oct 1 17:26:54 EDT 2012


On Oct 1, 2012, at 3:20 PM, Jack Pepper <pepperjack at ...14319...> wrote:

> The subject of how to exclude one IP address from HOME_NET still comes up occasionally.  Usually it's a proxy server.  I wrote a little program a long time ago (2008?) to create a HOME_NET statement with the proxy address excluded.  Herewith I offer it to the public (should have done that a long time ago).
>      http://www.autoshun.org/exclusion.asp

Please see this section of the Snort Manual:

http://manual.snort.org/node16.html#SECTION00312000000000000000

As it references how to exclude certain IPs within a variable.

Also Cc'ing the Snort-users list, as this is a Snort issue (not an emerging-sigs issue) and someone may find it useful.

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire
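
One way to generate a HOME_NET statement with a single address excluded, as an added example that is not from the original posts, the linked program, or the Snort manual. It emits both the `!` negation form that Snort IP variables accept and an equivalent explicit CIDR list; the function names and the 192.168.1.0/24 network with proxy 192.168.1.10 are constructed for illustration.

```python
import ipaddress


def home_net_negated(network, excluded):
    """Build HOME_NET using '!' negation inside a Snort IP list."""
    net = ipaddress.ip_network(network)
    hosts = sorted(ipaddress.ip_address(h) for h in excluded)
    for host in hosts:
        # A negated address outside the network would be a silent no-op.
        if host not in net:
            raise ValueError(f"{host} is not inside {net}")
    negations = ",".join(f"!{h}" for h in hosts)
    return f"ipvar HOME_NET [{net},{negations}]"


def home_net_expanded(network, excluded):
    """Build HOME_NET as CIDR blocks covering everything but the excluded hosts."""
    blocks = [ipaddress.ip_network(network)]
    for h in excluded:
        host = ipaddress.ip_network(h)  # single address becomes /32 (or /128)
        remaining, found = [], False
        for block in blocks:
            if host.subnet_of(block):
                # Split the block into the subnets that do not contain host.
                remaining.extend(block.address_exclude(host))
                found = True
            else:
                remaining.append(block)
        if not found:
            raise ValueError(f"{h} is not inside {network}")
        blocks = remaining
    blocks = sorted(ipaddress.collapse_addresses(blocks))
    return "ipvar HOME_NET [" + ",".join(str(b) for b in blocks) + "]"


if __name__ == "__main__":
    # Constructed sample values: internal /24 with a proxy at .10
    print(home_net_negated("192.168.1.0/24", ["192.168.1.10"]))
    print(home_net_expanded("192.168.1.0/24", ["192.168.1.10"]))
```

The negated form is shorter and easier to audit; the expanded form is useful where a consumer of the variable does not handle negation.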