<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2600.0" name=GENERATOR>
<DIV><FONT face=Arial size=2>Keep getting hit with broadcasts from my ISP.
So I would like to not see these in the alerts anymore.</FONT></DIV>
<DIV><FONT face=Arial size=2>And, sometimes when a user accesses our
file server (legit user), snort reports: [1:2102:1] NETBIOS SMB
SMB_COM_TRANSACTION Max Data Count of 0 DOS Attempt [**]. Would like
to ignore all internal traffic and broadcasts from ISP. <BR></FONT></DIV>
<DIV><FONT face=Arial size=2>In the faqs, it said to write pass rules and add
the hosts to the portscan-ignorehosts list . Then to call snort with
the -o option to activate the pass rules. Can anyone elaborate on this?
<DIV><FONT face=Arial size=2><BR>TIA<BR>storm</DIV></FONT></BODY></HTML>