Snort mailing list archives
Re: Whitelist IP's?
From: Y M <snort () outlook com>
Date: Wed, 9 Jul 2014 22:33:07 +0000
From: jesler () cisco com To: wkitty42 () windstream net Date: Tue, 8 Jul 2014 23:03:55 +0000 CC: snort-users () lists sourceforge net Subject: Re: [Snort-users] Whitelist IP's? On Jul 8, 2014, at 3:48 PM, waldo kitty <wkitty42 () windstream net> wrote: On 7/8/2014 1:49 PM, Jeff Meigs wrote: Hey Everyone, Trying to whitelist an IP so I don’t receive alerts from it. Do I do this in the threshold.conf? If so whats the proper way to write it? try the reputation processor instead... whitelist the IPs you want to pass on without molestation... http://manual.snort.org/node176.html and here's a link to copy of the README.reputation file... https://github.com/jasonish/snort/blob/master/doc/README.reputation bpf the IP out is the correct answer.
Putting the IP in the whitelist only whitelists the IP against the blacklist. It has no effect on the rest of the engine.
Joel, Even when white is set to trust? If I am reading the documentation correctly, it says "when white means trust, the packet gets bypassed, without further detection by snort". What does "...without further detection by snort" mean in this context? YM ------------------------------------------------------------------------------ Open source business process management suite built on Java and Eclipse Turn processes into business applications with Bonita BPM Community Edition Quickly connect people, data, and systems into organized workflows Winner of BOSSIE, CODIE, OW2 and Gartner awards http://p.sf.net/sfu/Bonitasoft _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------ Open source business process management suite built on Java and Eclipse Turn processes into business applications with Bonita BPM Community Edition Quickly connect people, data, and systems into organized workflows Winner of BOSSIE, CODIE, OW2 and Gartner awards http://p.sf.net/sfu/Bonitasoft
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Whitelist IP's? Jeff Meigs (Jul 08)
- Re: Whitelist IP's? waldo kitty (Jul 08)
- Re: Whitelist IP's? Joel Esler (jesler) (Jul 08)
- Re: Whitelist IP's? waldo kitty (Jul 08)
- Re: Whitelist IP's? Jeff Meigs (Jul 09)
- Re: Whitelist IP's? Y M (Jul 09)
- Re: Whitelist IP's? waldo kitty (Jul 10)
- FW: Whitelist IP's? Jeff Meigs (Jul 10)
- Re: FW: Whitelist IP's? Y M (Jul 10)
- Re: Whitelist IP's? Joel Esler (jesler) (Jul 08)
- Re: Whitelist IP's? waldo kitty (Jul 08)
- <Possible follow-ups>
- Whitelist IP's? Jeff Meigs (Jul 09)