Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Snort and IPlist alerts

    IDS/IPS
    2
    3
    806
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      peppegate
      last edited by

      Hello,
      i need your support for understand if its possible and how to remove alert generated by spp_reputations .
      just like :
      or more important the packet whitelisted.

      this generate a lot of useless Spam on the alert center (and a lot of useless email from my log system as well).

      somebody know how can i remove the spp alert from snort?
      tnx for your help.

      1 Reply Last reply Reply Quote 0
      • P
        peppegate
        last edited by

        nobody know the answer?

        1 Reply Last reply Reply Quote 0
        • F
          fsansfil
          last edited by

          Its a good question basically you want to add a noalert into the IP preprocessor rule. Something you could ask the Snort mailing list; is it possible to drop with a no alert with the IP preprocessor?

          Also, pfblocker might be the solution, leave the packet payload inspection to your IDS, and all ports or IP blocking to the firewall, PF… This is what I do.

          F.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post