Snort mailing list archives
Re: Problems ignoring a host
From: "Peter Sundstrom" <peter () ginini com>
Date: Tue, 12 Feb 2002 13:44:55 +1100
----- Original Message ----- From: "Erek Adams" <erek () theadamsfamily net>
On Tue, 12 Feb 2002, Peter Sundstrom wrote:I'm trying to ignore alerts triggered by our scanner without any luck.[...snip...]What am I missing?The fact that the portscan alerts are generated by ssp_portscan.{c,h} and
not
snort. Since that's from a pre-processor, pass rules won't help. Use the config file directive "portscan ignorehosts" or use a BPF filter to ignore traffic from that host.
I forgot to say that I am using "portscan ignorehosts". In snort.conf I have: var IS_HOSTS 192.168.1.25/32 preprocessor portscan-ignorehosts: $SNMP_HOSTS $IS_HOSTS Peter _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Problems ignoring a host Peter Sundstrom (Feb 11)
- Re: Problems ignoring a host Erek Adams (Feb 11)
- Re: Problems ignoring a host Peter Sundstrom (Feb 11)
- Re: Problems ignoring a host Erek Adams (Feb 11)
- Multiple sensors over WAN Onie Camara (Feb 11)
- Re: Problems ignoring a host Peter Sundstrom (Feb 11)
- <Possible follow-ups>
- RE: Problems ignoring a host Graham, Randy (RAW) (Feb 12)
- Re: Problems ignoring a host Erek Adams (Feb 11)