Re: Cisco Secure IDS: excluding targets

From: ktimm@server1.stingrey.com
Date: 10/16/01


Date: Tue, 16 Oct 2001 15:05:34 -0500 (CDT)
From: <ktimm@server1.stingrey.com>
To: Drew - Home <simonis@myself.com>
Subject: Re: Cisco Secure IDS: excluding targets
Message-ID: <Pine.LNX.4.10.10110161502560.12241-100000@server1.stingrey.com>

RecordOfExcludePattern * * 10.1.1.0 255.255.255.0
will ignore all patterns from the 10.1.1.0 network. You can be more exact
and put in the exact signature and subsignature. FWIW this is also in an
article about false positives and false negatives that was recently on
SecurityFocus -- look for part 2.
Kevin

On Tue, 16 Oct 2001, Drew - Home wrote:

> All,
> I am working with several Cisco IDS systems, and have
> a known host that is generating a lot of alerts. I wish to
> exclude this host, but when I enter its IP address in the
> Director, it doesn't seem to work. Are there any other
> configurations that I am missing? Has anyone seen this
> issue before? (found nothing on the web or Cisco's site...)
>
> Thanks in advance,
> -Ds
>