Snort mailing list archives
Re: portscan2 problem
From: "reynald" <rtm () cybees com>
Date: Thu, 24 Feb 2005 12:02:51 +0800
hello, I have tried using preprocessor portscan. I did get alerts, but my preprocessor-ignorehosts doesn't work. my config is: preprocessor-ignorehosts: x.x.x.2/32 preprocessor portscan: x.x.x.1/23 20 5 I still get alerts from x.x.x.2/32 network did i missed something? thanks, reynald ----- Original Message ----- From: reynald To: snort-users () lists sourceforge net Sent: Wednesday, February 23, 2005 5:28 PM Subject: [Snort-users] portscan2 problem hello, I am using snort 2.1.0 ruleset. I know that preprocessor "flow-portscan" replaces "protscan2". My question is, how can I run portscan2 again? I tried adding "preprocessor portscan2: <options>" in my snort.conf, but it prompted an error that it doesn't recognized portscan2. Did I missed something? note: I have also activated preprocessor conversation (according to the manual its a prerequisite). thanks, reynald
Current thread:
- portscan2 problem reynald (Feb 23)
- Re: portscan2 problem reynald (Feb 23)