|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Snort-users] Customizing snort rules
From: AJ Butcher, Information Systems and Computing (Alex.Butcher
bristol.ac.uk)
Date: Tue Apr 06 2004 - 05:53:40 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
--On 06 April 2004 14:29 +0530 simonkcnetsol.co.in wrote:
> Hi,
>
> Can anyone point me in the direction of any document explaining how to
> customize snort rules.
> I have a situation wherein the Snort IDS is alerting even for normal SNMP
> requests and traps. How do it disable these alerts for only specific SNMP
> management stations but keep the SNMP rule turned on??
Something like this:
var SNMP_MGMT_STATIONS [10.1.1.2/32,192.168.31.5/32,10.10.10.0/24]
[...]
comment out the affected rules and copy them, replacing the source mask
(probably $EXTERNAL_NET) with !SNMP_MGMT_STATIONS (i.e. anything but your
designated SNMP management stations).
> Thanks and Regards
> Simon
HTH,
Alex.
--
Alex Butcher: Security & Integrity, Personal Computer Systems Group
Information Systems and Computing GPG Key ID: F9B27DC9
GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9
-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]