From: Jens Krabbenhoeft (tschenz-snort-users_at_noris.net)
Date: Tue Dec 03 2002 - 01:46:30 CST


    Helmut,

    > > you might consider putting a BPF on snort to ignore your proxy or
    > > something like that.
    > BPF?! Blocking ...?

    Berkeley Packet Filter

    from snort (2.0) --help:

    USAGE: /usr/local/snort-2.0-HEAD/bin/snort [-options] <filter options>
                                                          ^^^^^^^^^^^^^^^^
    <Filter Options> are standard BPF options, as seen in TCPDump

    So just have a look at the tcpdump manpage. It would basically be
    something like "snort -o -i ... ... ... not host your.proxy.name.or.ip".

    Note that ignoring complete hosts by using BPF makes any packets
    coming/going (in the case of 'not host') invisible to the whole
    snort-process. You might want to tweak the BPF a bit, perhaps like 'not
    host ... and not src port ...'...

    HTH,
            Jens
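
The blind spot described in the message above, as an added example that is not part of the original post: a small Python model of which packets never reach Snort under a whole-host exclusion versus a narrowed one. The proxy address, port 3128, the packet list and the narrowed expression are constructed assumptions, and the predicates only model BPF semantics rather than compile real filters.

```python
from collections import namedtuple

# Constructed packet summaries (not captured traffic).
Pkt = namedtuple("Pkt", "src sport dst dport note")
PROXY = "192.0.2.10"   # assumed proxy address (documentation range)
PROXY_PORT = 3128      # assumed proxy listening port

PACKETS = [
    Pkt("10.0.0.5", 40001, PROXY, PROXY_PORT, "client request to proxy"),
    Pkt(PROXY, PROXY_PORT, "10.0.0.5", 40001, "proxy reply to client"),
    Pkt(PROXY, 51000, "198.51.100.7", 80, "proxy fetch from origin server"),
    Pkt("10.0.0.66", 40222, PROXY, 22, "SSH login attempt against proxy host"),
    Pkt("10.0.0.5", 40002, "10.0.0.9", 445, "unrelated internal traffic"),
]

def host(p, ip):
    """Models BPF 'host ip': true when ip is the source or the destination."""
    return ip in (p.src, p.dst)

def src_is(p, ip, port):
    """Models BPF 'src host ip and src port port'."""
    return p.src == ip and p.sport == port

# Each filter returns True when the packet passes, i.e. Snort gets to inspect it.
def broad(p):
    # models: not host 192.0.2.10
    return not host(p, PROXY)

def narrow(p):
    # models: not (src host 192.0.2.10 and src port 3128)
    return not src_is(p, PROXY, PROXY_PORT)

def invisible(bpf):
    """Notes of the packets the filter drops before Snort ever sees them."""
    return [p.note for p in PACKETS if not bpf(p)]

if __name__ == "__main__":
    for name, bpf in (("not host", broad), ("narrowed", narrow)):
        print(f"{name} hides:")
        for note in invisible(bpf):
            print("   ", note)
```

Under the whole-host exclusion the SSH attempt against the proxy host disappears along with the web traffic, which is the coverage loss to weigh before excluding a host outright.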
