Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: portscan-ignorehosts question

From: Erek Adams <erek () theadamsfamily net>
Date: Wed, 5 Jun 2002 22:10:33 -0700 (PDT)
On Fri, 5 Jun 1998, Scot Scot wrote:


Try this:

[xxx.xxx.xxx.xxx/xx,xxx.xxx.xxx.xxx/xx]  <-- You can add multiple IP's by
using this format.


Actually, the format is not quite that.  The format breaks down to:
<ip>/<cidr> <ip>/<cidr>

spp_portcan is the oldest pre-processor, and there've been a lot of changes in
the spp_ system since it was built.  One those happens to be the parsing of
arguments for the spp_ system...  :-)  spp_portscan ignorehosts should be in a
white space delimted format.

Such as:
        10.10.10.10/32 10.10.10.11/32

One thing to keep in mind--Things will change rather soon.  :)  Keep your eyes
peeled!  :-)

Cheers!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net


_______________________________________________________________

Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: