Snort mailing list archives
Re: NEWBIE: portscan tuning
From: Legus <eboo () softhome net>
Date: Sun, 28 Oct 2001 11:54:25 +0800
Sorry, This problem is driving me crazy. Any help? Is my conf setting wrong with respect to the portscan? Please help, thanks. * eboo () softhome net (eboo () softhome net) wrote:
Hi all, Sorry if this has been asked before. I've read the manual but still am not sure what I am doing wrong. I get portscan alerts from snort when I access the web: [**] [100:1:1] spp_portscan: PORTSCAN DETECTED from a.b.c.d (THRESHOLD 5 connections exceeded in 6 seconds) [**] 10/17-17:14:52.252947 /etc/snort/snort.conf: var DNS_SERVERS a.b.c.d preprocessor portscan: $HOME_NET 4 3 portscan.log (i've also tried commenting out the above line, same effect) preprocessor portscan-ignorehosts: $DNS_SERVERS How do I prevent get snort to not report portscans from my machine or any network which I specify? Thanks. Eric _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- NEWBIE: portscan tuning eboo (Oct 25)
- Re: NEWBIE: portscan tuning Legus (Oct 27)