Snort mailing list archives
Re: portscan-ignore
From: "Vinay A. Mahadik" <VAMahadik () lbl gov>
Date: Tue, 06 Aug 2002 11:06:12 -0700
Fred Portnoy wrote:
Snorters: Does the portscan-ignore feature . . . "preprocessor portscan-ignorehosts: $DNS_SERVERS" ... apply to either the source or destination addresses in the detected scan, or only the source addresses? Can I get it to not report on what Snort thinks are scans to port 53 of my dns servers? I am currently running 1.8.3.
I don't think the portscan preprocessor can ignore Destination IPs at the moment. The ignorehosts spec matches Sources and not destinations, so that shouldn't be able to solve your problem. Perhaps a highly specific BPF?... -- Vinay A. Mahadik Summer Intern Computer Protection Program Lawrence Berkeley National Laboratory (510) 495 2618 ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- portscan-ignore Fred Portnoy (Aug 06)
- Re: portscan-ignore Vinay A. Mahadik (Aug 06)