3. Snort: how to exclude a lan host from scans?

Snort: how to exclude a lan host from scans?

  • C

    How can I exclude a particular host on my lan from all Snort scans?

    I run an offsite backup server behind Pfsense and simultaneously have hundreds of clients connecting to it but also simultaneously get hundreds of false positives for a multitude of Snort rules because of the nature of the data being transmitted.

    i would like to keep my ruleset functioning for all other hosts behind pfsense except this particular hosts. How can this be acheived?

    I tried creating Whitelists and Netlists etc but nothing seems to be doing the trick.

    Any help appreciated.

    Thanks

    0
  • C

    Bump.

    Anyone got any suggestions on this?

    Thanks

    0
  • S

    After creating a whitelist, you have to add it in the Snort Interface Settings to a particular interface.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy