[Oisf-users] Avoid inspecting intra lan traffic with BPF filter expression

Chris Boley ilgtech75 at gmail.com
Thu Jun 30 19:04:16 UTC 2016


I'm actually running these subnets within a test environment. I described
it in a previous post called 'Suricata under libvirt'.
I can test the sandbox before I drop this into any production situations.

Thanks a lot guys!

I'll let you know what happens.

On Thu, Jun 30, 2016 at 2:26 PM, Cooper F. Nelson <cnelson at ucsd.edu> wrote:

> Absolutely, but given the exercise is to eliminate LOCAL <-> LOCAL IP
> conversations that should be within scope.
>
> On 6/30/2016 11:14 AM, Peter Manev wrote:
> > Looking at the filter though we might end up with - "not"
> > src net 10.250.104.192/28 -> dst net 10.250.104.192/28
> > (Like src and dst from the same net)
> > @Cooper - am I reading it right?
>
>
> --
> Cooper Nelson
> Network Security Analyst
> UCSD ITS Security Team
> cnelson at ucsd.edu x41042
>
>