Re: portscan2 problem

["reynald" <rtm () cybees com>]

hello,

I have tried using preprocessor portscan. I did get alerts, but my preprocessor-ignorehosts doesn't work.

my config is:

preprocessor-ignorehosts: x.x.x.2/32
preprocessor portscan: x.x.x.1/23 20 5

I still get alerts from x.x.x.2/32 network

did i missed something?

thanks,
reynald
  ----- Original Message ----- 
  From: reynald 
  To: snort-users () lists sourceforge net 
  Sent: Wednesday, February 23, 2005 5:28 PM
  Subject: [Snort-users] portscan2 problem


  hello,

  I am using snort 2.1.0 ruleset. I know that preprocessor "flow-portscan" replaces "protscan2". 
  My question is, how can I run portscan2 again? 

  I tried adding "preprocessor portscan2: <options>" in my snort.conf, but it prompted an error that it doesn't 
recognized portscan2.

  Did I missed something?

  note: I have also activated preprocessor conversation (according to the manual its a prerequisite).

  thanks,
  reynald