Snort mailing list archives

FW: Portscan2 woes


From: "Gavin Lowe" <gavin () vanderwell com>
Date: Fri, 2 May 2003 11:15:36 -0600

Robin,

I found the answer to that in the archive yesterday.  Was having the
same problem on my Win2000 box.

Add these params to your config file:

preprocessor portscan2-ignorehosts: $DNS_SERVERS
preprocessor portscan2-ignoreports-to: 80 53
preprocessor portscan2-ignoreports-from: 80


Gavin Lowe
Programmer / Network Administrator
glowe () vanderwell com


-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Robin
Brown
Sent: Friday, May 02, 2003 10:04 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Portscan2 woes

I'd like to use it, but I keep getting alerted on what looks like normal
return web traffic:

05/02-08:27:27.107257 TCP src: 64.28.64.81 dst: 10.10.10.1 sport: 80 dport: 47493 tgts: 1 ports: 11 flags: ***A**S* event_id: 0
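
The following is an added example, not part of the original posts and not Snort code: a small log triage helper that parses portscan2 entries in the format quoted above and reports which ones the three suggested ignore lists would cover. It assumes ignoreports-from matches the source port and ignoreports-to the destination port, as the directive names read; the function names and the second and third sample entries are constructed for illustration.

```python
import re

# Field layout of the portscan2 log entry quoted in the thread.
ENTRY_RE = re.compile(
    r"(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+) (?P<proto>\w+) "
    r"src: (?P<src>\S+) dst: (?P<dst>\S+) "
    r"sport: (?P<sport>\d+) dport: (?P<dport>\d+) "
    r"tgts: (?P<tgts>\d+) ports: (?P<ports>\d+) "
    r"flags: (?P<flags>\S{8}) event_id: (?P<event_id>\d+)"
)
FLAG_NAMES = "12UAPRSF"  # Snort's fixed-position TCP flag string; '*' = not set

def parse_entry(text):
    """Parse one entry; mail-wrapped entries are re-joined first."""
    m = ENTRY_RE.search(" ".join(text.split()))
    if m is None:
        return None
    entry = m.groupdict()
    for key in ("sport", "dport", "tgts", "ports", "event_id"):
        entry[key] = int(entry[key])
    entry["flagset"] = {n for n, c in zip(FLAG_NAMES, entry["flags"]) if c != "*"}
    return entry

def triage(entry, ignore_from=(80,), ignore_to=(80, 53)):
    """Return why the entry matches the ignore lists, or None if it does not.
    Assumption: -from matches the source port, -to the destination port."""
    if entry["sport"] in ignore_from:
        reason = "sport %d in ignoreports-from" % entry["sport"]
        if entry["flagset"] == {"A", "S"}:
            reason += " (SYN+ACK reply from a server)"
        return reason
    if entry["dport"] in ignore_to:
        return "dport %d in ignoreports-to" % entry["dport"]
    return None

# First entry is the one from the thread; the other two are constructed samples.
SAMPLE = [
    "05/02-08:27:27.107257 TCP src: 64.28.64.81 dst: 10.10.10.1 sport: 80\n"
    "dport: 47493 tgts: 1 ports: 11 flags: ***A**S* event_id: 0",
    "05/02-08:30:01.000001 TCP src: 192.0.2.7 dst: 10.10.10.1 sport: 40112 "
    "dport: 22 tgts: 1 ports: 25 flags: ******S* event_id: 1",
    "05/02-08:31:12.000002 TCP src: 10.10.10.9 dst: 192.0.2.80 sport: 51000 "
    "dport: 80 tgts: 1 ports: 14 flags: ******S* event_id: 2",
]

def report(lines=SAMPLE):
    """Map event_id -> triage reason (None means: still worth a look)."""
    return {e["event_id"]: triage(e) for e in map(parse_entry, lines) if e}

if __name__ == "__main__":
    for event_id, reason in report().items():
        print(event_id, reason or "not covered by the ignore lists")
```

Entries that come back as None are the ones the ignore lists would leave alerting, so they are the ones to review before widening the lists further.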








