Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Snort BPF.filter doesn't work

From: waldo kitty <wkitty42 () windstream net>
Date: Thu, 10 Jul 2014 21:26:45 -0400
On 7/10/2014 2:13 PM, Robert Millott wrote:

All
    Finally figured it out.  Thanx Jeremy for leading me in the right direction.
The traffic I was looking at was GRE encapsulated, so while the bpf filters were
ignoring packets based on src and dst ip address, the snort rules were seeing
the encapsulated data, which contained the 192.168.1.1 address snort was looking
for , and that's why snort alerts were firing despite my telling it to drop
those addresses.


so... ummm... what was the solution so that others running into the same problem 
might find it instead of posting about the same problem in the future? ;)

-- 
  NOTE: No off-list assistance is given without prior approval.
        Please *keep mailing list traffic on the list* unless
        private contact is specifically requested and granted.

------------------------------------------------------------------------------
Open source business process management suite built on Java and Eclipse
Turn processes into business applications with Bonita BPM Community Edition
Quickly connect people, data, and systems into organized workflows
Winner of BOSSIE, CODIE, OW2 and Gartner awards
http://p.sf.net/sfu/Bonitasoft
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: