Doug Gough <[EMAIL PROTECTED]> writes:
> Maybe someone here can help me. I would like to be able to tell prelude ids
> to stop logging the scans from our isp's dns server. Is there a way to tell
> it to ignore stuff from one particular ip? I am using cookfire rc1. Perhaps
> you could point me to some documentation. I have looked at the prelude web
> page, but the documentation is aimed at developers.
yop, use a BPF rule, like with tcpdump... for exemple :
prelude -i eth0 '! src host x.x.x.x'
Ps : does this scan is real, or does it seem to you
like a false positive ?
--
Yoann Vandoorselaere | "Programming is a race between programmers, who try and
MandrakeSoft | make more and more idiot-proof software, and universe,
| which produces more and more remarkable idiots. Until
| now, universe leads the race" -- R. Cook
