Re: how to disable spp_porscan?

[Phil Wood <cpw () lanl gov>]

  preprocessor stream4: noalerts

On Tue, Dec 18, 2001 at 12:12:51PM +0100, Roberto Suarez Soto wrote:
> Hi, 
>
>       I wrote a few days ago, but it seems that nobody knew what I asked, or
> my mail was totally unnoticed :-)
>
>       So, to say it in another way: how can I *totally* disable
> spp_portscan? Don't tell me that I just comment it in snort.conf, because
> that's how it is now and it's still reporting portscans. I can show you my
> snort.conf if you don't believe me :-)
>
>       I want to disable spp_portscan because it's giving false positives of
> portscanning from the host's IPs. I've tried portscan-ignorehosts, but it
> didn't work (I tried both with variables, defined at the beginning of the
> snort.conf file, and with IP addresses directly as arguments to
> portscan-ignorehosts, with its corresponding /32 mask).
>
>       Come on, tell me something :-) Thanks in advance.
>
> -- 
> Roberto Suarez Soto                                   Alfa21 Outsourcing
>     robe () alfa21 com                                     http://www.alfa21.com
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

-- 
Phil Wood, cpw () lanl gov


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users