Snort mailing list archives

RE: [Snort-users] portscan2-ignoreports...anyone get it to work???

From: "Jeff Oliveto" <joliveto () CleanCommunications com>
Date: Mon, 24 Mar 2003 11:39:30 -0500

It would be "nice" if someone would update the snort.conf for the
portscan2 preprocessor.  This guessing and hunting the newsgroups for
information on how to configure the preprocessor is a waste of time.

- jeff -

-----Original Message-----
From: Erek Adams [mailto:erek () snort org] 
Sent: Monday, March 24, 2003 9:10 AM
To: Jeff Oliveto
Cc: Pig-A-Holics Anonymous
Subject: Re: [Snort-devel] [Snort-users] portscan2-ignoreports...anyone
get it to work???

[Cross posting removed]

On Thu, 20 Mar 2003, Jeff Oliveto wrote:

Has anyone confirmed that the "preprocessor portscan2-ignoreports: s1 
s2 d1 d2" variable works?


[...snip...]

Two things:

        *  Move any portscan2-ignore* lines below the inital portscan2
line in snort.conf.
        *  Use the right format.  :)

          preprocessor portscan2-ignoreports-to:
          preprocessor portscan2-ignoreports-from:

Verify that by a simple grep:

  [erek@it]/usr/local/build/cvs/snort/src/preprocessors>grep ignoreport
  spp_portscan2.{c,h}
  spp_portscan2.c: * - added ignoreports
  spp_portscan2.c:                     "portscan2-ignoreports,
  ignoring.\n",
  spp_portscan2.c:                     "portscan2-ignoreports");
  spp_portscan2.c:                 "portscan2-ignoreports directive\n",
  spp_portscan2.c:                 "portscan2-ignoreports\n", file_name,
  file_line);
  spp_portscan2.c:    RegisterPreprocessor("portscan2-ignoreports-from",
  InitIgnoreFrom);
  spp_portscan2.c:    RegisterPreprocessor("portscan2-ignoreports-to",
  InitIgnoreTo);

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson



-------------------------------------------------------
This SF.net email is sponsored by:
The Definitive IT and Networking Event. Be There!
NetWorld+Interop Las Vegas 2003 -- Register today!
http://ads.sourceforge.net/cgi-bin/redirect.pl?keyn0001en
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

portscan2-ignoreports...anyone get it to work??? Jeff Oliveto (Mar 20)
- Re: portscan2-ignoreports...anyone get it to work??? Matt Kettler (Mar 20)
- Re: [Snort-users] portscan2-ignoreports...anyone get it to work??? Erek Adams (Mar 24)
  - RE: [Snort-users] portscan2-ignoreports...anyone get it to work??? Jeff Oliveto (Mar 25)
    - RE: [Snort-users] portscan2-ignoreports...anyone get it to work??? Erek Adams (Mar 24)
    - Re: [Snort-users] portscan2-ignoreports...anyone get it to work??? Chris Green (Mar 26)