[Snort-users] [Emerging-Sigs] How to exclude one IP address from HOME_NET

Joel Esler jesler at ...1935...
Mon Oct 1 17:26:54 EDT 2012

On Oct 1, 2012, at 3:20 PM, Jack Pepper <pepperjack at ...14319...> wrote:

> the subject of how to exclude one IP address from HOME_NET still comes up occasionally.  Usually it's a proxy server.  I wrote a little program a long time ago (2008?) to create a HOME_NET statement with the proxy address excluded.  Herewith I offer it to the public (should a done that a long time ago).
>      http://www.autoshun.org/exclusion.asp

Please see this section of the Snort Manual:


As it references how to exclude certain IPs within a variable.

Also Cc'ing the Snort-users list, as this is a Snort issue (not an emerging-sigs issue) and someone may find it useful.

Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20121001/63e7bc07/attachment.html>

More information about the Snort-users mailing list