Snort, Modify snort rule "WEB-CGI finger access" to ignore destination IP

How do I change the snort rule to ignore when destination IP (e.g. desIP is

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI finger access"; flow:to_server,established; uricontent:"/finger"; nocase; metadata:service http; reference:arachnids,221; reference:cve,1999-0612; reference:nessus,10071; classtype:attempted-recon; sid:839; rev:8;)
Who is Participating?

Improve company productivity with a Business Account.Sign Up

gorhonConnect With a Mentor Commented:
Sorry, this your rule. But how change rules? Many many hardwork. Good luck.

suppress gen_id xxxx, sig_id yyy, track by_dst, ip

rgbcofAuthor Commented:
More info on the question:
Source IP          Dest IP           Port      80         Snort         WEB-CGI finger access

So I want this SNORT rule to ignore when DestIP is

First find snort attack id number for this attack.

Please open the threshold.conf file. and goto last line and

suppress gen_id 122, sig_id 27, track by_src, ip

(gen id 122 and signature id 27 not collect from the network)

rgbcofAuthor Commented:
How do you modify the SNORT rule?
rgbcofAuthor Commented:
Great, thanks for the lead.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.