[Snort-users] [Emerging-Sigs] How to exclude one IP address from HOME_NET

Jack Pepper pepperjack at ...14319...
Mon Oct 1 17:33:31 EDT 2012


I did not know this was available.  that's a way better (and more
inuitive) solution.
      ipvar EXAMPLE [1.1.1.1,2.2.2.0/24,![2.2.2.2,2.2.2.3]]

jp

On Mon, Oct 1, 2012 at 4:26 PM, Joel Esler <jesler at ...1935...> wrote:

> On Oct 1, 2012, at 3:20 PM, Jack Pepper <pepperjack at ...14319...>
> wrote:
>
> the subject of how to exclude one IP address from HOME_NET still comes up
> occasionally.  Usually it's a proxy server.  I wrote a little program a
> long time ago (2008?) to create a HOME_NET statement with the proxy address
> excluded.  Herewith I offer it to the public (should a done that a long
> time ago).
>      http://www.autoshun.org/exclusion.asp
>
>
> Please see this section of the Snort Manual:
>
> http://manual.snort.org/node16.html#SECTION00312000000000000000
>
> As it references how to exclude certain IPs within a variable.
>
> Also Cc'ing the Snort-users list, as this is a Snort issue (not an
> emerging-sigs issue) and someone may find it useful.
>
> --
> Joel Esler
> Senior Research Engineer, VRT
> OpenSource Community Manager
> Sourcefire
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20121001/8e8ab7ff/attachment.html>


More information about the Snort-users mailing list