[Oisf-users] Suppress all signatures per source IP
Cooper F. Nelson
cnelson at ucsd.edu
Mon Jun 30 21:37:51 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I've just been using local sids starting with 1. It's unlikely you will
run into any collisions anytime soon.
On 6/30/2014 8:59 AM, Yasha Zislin wrote:
> Sorry for so many emails.
>
> So with using pass rules (for example, pass ip 1.1.1.1 any <> any any
> (sid:1;) ), I would have an issue with signature id since I will have a
> lot of these entries for different IPs.
> What is the best way to make these unique? If I use different SID, what
> range can I use so I dont overwrite ET PRO ruleset. or what would be the
> best approach here?
>
> Thanks.
>
- --
Cooper Nelson
Network Security Analyst
UCSD ACT Security Team
cnelson at ucsd.edu x41042
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQEcBAEBAgAGBQJTsdivAAoJEKIFRYQsa8FWvCIH/juHjBMTDwTh1gCOZCT8YbwD
viYBqcIsdmsK2zzuyMzVaqrDXFCB5ENtHo/cqYimUyzZDghERfH5zk2EZpYLRva1
e6sSupxVJqM/J6gJIBoDIp4xHLknp7ol2AiLV2Pe8hqvIzPPAGvowhXoQnkjO3xT
DGks1HieScrOobofggoxPlpU87CxsiaT36BfW8FwqYZmQTOY0rzECghGnSGy+Wmb
a6OzXmvYhjQAzBklh87P15YnUDQ07omfhlzgLCnGOv20UE2q1FIVnAJzeIN+qPMs
n0IfRcb7N/oTUsjtym6ANTanozLCswHlw9u4Bnt37F5H7X4Jg7vkfDcUQe9ELiI=
=l9bk
-----END PGP SIGNATURE-----
More information about the Oisf-users
mailing list