Snort mailing list archives

RE: How to ignore scan from a host

From: "Sheahan, Paul (PCLN-NW)" <Paul.Sheahan () priceline com>
Date: Tue, 16 Apr 2002 18:05:34 -0400


Comunications from that host might not be showing up as a portscan all the
time. Try writing a pass rule instead....


Paul Sheahan
Manager of Information Security
Priceline.com
paul.sheahan () priceline com



-----Original Message-----
From: Tony Wong [mailto:tony.wong () stanford edu]
Sent: Tuesday, April 16, 2002 1:40 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] How to ignore scan from a host


how can I ignore a host from scanning? 

Tried putting ip address/subnet mask in here but alert was still logging
the host scanning

preprocessor portscan-ignorehosts: ip/netmask

ICMP PING NMAP [**] [Classification: Attempted Information Leak]
[Priority: 2] {ICMP}


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

How to ignore scan from a host Tony Wong (Apr 16)
- Re: How to ignore scan from a host Brian (Apr 16)
- Re: How to ignore scan from a host Erek Adams (Apr 16)
- <Possible follow-ups>
- RE: How to ignore scan from a host Sheahan, Paul (PCLN-NW) (Apr 16)
- Re: How to ignore scan from a host Adrian Voinea (Jun 01)