Re: [Snort-users] Don't log events from local interface
Joel,
Many thanks for this solution (BPF)! And... it works! :)
Best Regards,
Mik
> There are a number of ways to do what you are asking. Basically, you want to ignore events coming from a single host.
>
> The most efficient way to do this from Snort's perspective is a BPF.
>
> Joel
>
> On Mon, Oct 08, 2007 at 02:46:29PM +0000, it looks like co street sent me:
> > Hi all,
> >
> > I've got a basic question:
> >
> > - On my PC, I've got 2 interfaces in bridge mode,
> > - I've got a Nessus to scan my local network,
> > - Snort is in IDS mode.
> >
> > When Nessus scans my local network, Snort detects these potential attacks...
> >
> > But, I want to disable these alarms when my PC scans my local network.
> >
> > Do you have an idea how to do that? Or a link?
> >
> > Many Thanks,
> >
> > Mik
> > PS: sorry for my bad English...
>
> -----
> joel esler
> http://demo.sourcefire.com/jesler.pgp.key
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Received on Mon Oct 8 12:38:11 2007
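
The BPF approach suggested in this thread, as an added example that is not part of the original messages: a small shell helper that turns a list of scanner addresses into a `not (host ...)` filter and rejects malformed input. The addresses (RFC 5737 documentation range), the interface name `br0` and the file paths are assumptions; `-F` is Snort's option for reading a BPF filter from a file.

```shell
#!/bin/sh
# Build a BPF expression that excludes trusted scanner hosts from the
# traffic Snort inspects. All addresses here are constructed samples.

# is_ipv4 ADDR: succeed only for a dotted quad with each octet 0-255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|''|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# build_bpf ADDR...: print "not (host A or host B ...)".
# Fails on bad input so a typo cannot end up inside the filter.
build_bpf() {
    [ "$#" -gt 0 ] || { echo "build_bpf: no scanner addresses" >&2; return 1; }
    expr_body=""
    for addr in "$@"; do
        is_ipv4 "$addr" || { echo "build_bpf: bad address: $addr" >&2; return 1; }
        expr_body="${expr_body:+$expr_body or }host $addr"
    done
    printf 'not (%s)\n' "$expr_body"
}

# Usage (interface and paths are assumptions):
#   build_bpf 192.0.2.10 > /etc/snort/scanner.bpf
#   snort -c /etc/snort/snort.conf -i br0 -F /etc/snort/scanner.bpf
# The same expression can also be given as the last command-line argument.
build_bpf 192.0.2.10 192.0.2.11
```

Packets dropped by the filter are never inspected, so Snort sees nothing to or from the listed hosts; keep the list to the scanner's fixed address and review it whenever the scanner moves.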