Snort Network Suppression
- From: Jonathan Askew JBASKEW <JBASKEW@xxxxxxxx>
- Date: Fri, 14 Dec 2007 13:09:39 -0500
I am new to IDS and have just set up Snort on an Ubuntu host. It has worked
well except for the fact that I am getting some false positives from local
traffic on the network. I have been trying to find the solution on Snort's
forums but the site seems to be going up and down randomly. I want to set a
rule in order to suppress/ignore local network traffic for 192.168.1.0/24.
I know this can be done in the /etc/threshold.conf file but have not been
able to do so successfully. Can someone be so kind as to post their
threshold.conf file or guide me through the process?
Thanks,
Blake