Snort mailing list archives
Re[2]: Snort logging way too much
From: Ochronus <ochronus () all hu>
Date: Mon, 16 Feb 2004 08:01:37 +0100
Thank you, this worked!

Regards,
Ochronus

------------------------
When you say logs packets/flows aimed to another machine I assume you are talking about getting alerts for packets not originating or destined for your machine. There are many rules that do not use HOME_NET and EXTERNAL_NET and it could be that you are noticing these events fire.

If you want to prevent snort from analyzing any traffic not originating or destined for your machine use a bpf

    snort -i eth0 -p -c snort.conf host 10.1.2.3

This could miss attacks that use a broadcast medium but I think your risk there is fairly low since it is not a win* machine.
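Added example, not part of the original thread and not Snort project code: a Python script that lists the rules whose address fields reference neither $HOME_NET nor $EXTERNAL_NET, the kind of rule the quoted reply says can fire on traffic unrelated to the monitored host. The sample rules, SIDs and function names are constructed for illustration, and the header regex assumes no whitespace inside address lists.

```python
import re

# Snort rule header: action proto src_addr src_port direction dst_addr dst_port (options)
HEADER = re.compile(
    r"^(?:alert|log|pass|drop|reject|sdrop|activate|dynamic)\s+"
    r"(?P<proto>\S+)\s+(?P<src>\S+)\s+\S+\s+(?:->|<>)\s+"
    r"(?P<dst>\S+)\s+\S+\s*\((?P<opts>.*)\)\s*$"
)
SID = re.compile(r"\bsid\s*:\s*(\d+)")
SCOPE_VARS = ("$HOME_NET", "$EXTERNAL_NET")

# Constructed sample rules (not taken from any real rule set).
SAMPLE_RULES = r'''
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"scoped web rule"; sid:1000001; rev:1;)
alert icmp any any -> any any (msg:"unscoped icmp rule"; sid:1000002; rev:1;)
# alert tcp any any -> any 23 (msg:"disabled rule"; sid:1000003; rev:1;)
alert tcp any any <> any 6667 \
    (msg:"unscoped, continued line"; sid:1000004; rev:1;)
alert udp [$HOME_NET,192.0.2.0/24] any -> any 53 (msg:"list with variable"; sid:1000005; rev:1;)
'''

def logical_lines(text):
    """Join backslash-continued lines; skip blank lines and comments."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        line = (buf + line).strip()
        buf = ""
        if line and not line.startswith("#"):
            yield line

def unscoped_rules(text):
    """Return (sid, proto, src, dst) for rules that use neither scope variable."""
    found = []
    for line in logical_lines(text):
        m = HEADER.match(line)
        # Skip non-rule lines (var, include, ...) and rules already tied to a variable.
        if not m or any(v in m["src"] or v in m["dst"] for v in SCOPE_VARS):
            continue
        sid = SID.search(m["opts"])
        found.append((int(sid.group(1)) if sid else None, m["proto"], m["src"], m["dst"]))
    return found

if __name__ == "__main__":
    print(unscoped_rules(SAMPLE_RULES))
```

Rules it reports are candidates for rewriting with the address variables or for exclusion through a capture filter like the one in the message above.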
