[Oisf-users] Suppress all signatures per source IP

Cooper F. Nelson cnelson at ucsd.edu
Mon Jun 30 21:37:51 UTC 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I've just been using local sids starting with 1.  It's unlikely you will
run into any collisions anytime soon.

On 6/30/2014 8:59 AM, Yasha Zislin wrote:
> Sorry for so many emails.
> 
> So with using pass rules (for example, pass ip 1.1.1.1 any <> any any
> (sid:1;) ), I would have an issue with signature id since I will have a
> lot of these entries for different IPs.
> What is the best way to make these unique? If I use different SID, what
> range can I use so I dont overwrite ET PRO ruleset. or what would be the
> best approach here?
> 
> Thanks.
> 

- -- 
Cooper Nelson
Network Security Analyst
UCSD ACT Security Team
cnelson at ucsd.edu x41042
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBAgAGBQJTsdivAAoJEKIFRYQsa8FWvCIH/juHjBMTDwTh1gCOZCT8YbwD
viYBqcIsdmsK2zzuyMzVaqrDXFCB5ENtHo/cqYimUyzZDghERfH5zk2EZpYLRva1
e6sSupxVJqM/J6gJIBoDIp4xHLknp7ol2AiLV2Pe8hqvIzPPAGvowhXoQnkjO3xT
DGks1HieScrOobofggoxPlpU87CxsiaT36BfW8FwqYZmQTOY0rzECghGnSGy+Wmb
a6OzXmvYhjQAzBklh87P15YnUDQ07omfhlzgLCnGOv20UE2q1FIVnAJzeIN+qPMs
n0IfRcb7N/oTUsjtym6ANTanozLCswHlw9u4Bnt37F5H7X4Jg7vkfDcUQe9ELiI=
=l9bk
-----END PGP SIGNATURE-----



More information about the Oisf-users mailing list