Hosting Provided By

RE: [Snort-sigs] exclude IP from a rule

From: Esler, Joel Contractor <joel.esler(at)rcert-s.army.mil>
Date: Tue Sep 23 2003 - 08:32:57 EDT

pass udp $EXTERNAL_NET any -> <IP> 161 (msg:"SNMP..............

-----Original Message-----
From: Nick Duda [mailto:nduda@VistaPrint.com] Sent: Tuesday, September 23, 2003 7:51 AM To: snort-sigs@lists.sourceforge.net
Subject: [Snort-sigs] exclude IP from a rule

Hi,
I have a sig (below) that grabs SNMP traffic. How can I exclude 1 internal IP from the rule?

alert udp $EXTERNAL_NET any -> $HOME_NET 161 (msg:"SNMP request udp"; reference:cve,CAN-2002-0012; reference:cve,CAN-2002-0013; sid:1417; rev:2; classtype:attempted-recon;)

thanks in advanced

Nick Duda, CCSA, Security+
Systems Administrator
* Email: nduda@vistaprint.com <mailto:nduda@vistaprint.com>

This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven.
http://thinkgeek.com/sf

Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs Received on Tue Sep 23 08:50:11 2003

This message: [ Message body ]
Next message: Nick Duda: "RE: [Snort-sigs] exclude IP from a rule"
Previous message: Nick Duda: "[Snort-sigs] Kazaa sig"
Maybe in reply to: Nick Duda: "[Snort-sigs] exclude IP from a rule"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:08:35 EDT