Snort mailing list archives
RE: sfPortscan IP list ?
From: "T Samp." <tsamp77 () optonline net>
Date: Thu, 01 Sep 2005 00:09:39 -0400
Very strange.... I have it set up just like that...

    ignore_scanners {xxx.xxx.xxx.xxx}

And again Snort tells me that there is "no argument" to the option.... I am using 2.4 as well...

The docs talk about a "Snort IP list" as the argument to ignore_scanners as opposed to just CIDR IP address... Maybe I am passing the address incorrectly? Then again it works for you :)

Thanks for reaching out...

-----Original Message-----
From: Lee Clemens [mailto:snort () leeclemens net]
Sent: Wednesday, August 31, 2005 8:26 PM
To: 'T Samp.'
Cc: snort-users () lists sourceforge net
Subject: RE: [Snort-users] sfPortscan IP list ?

I am using 2.4 and I have ignore_scanners setup like this:

    ignore_scanners { x.x.x.x/y,x.x.x.x,x.x.x.x,x.x.x.x }

If your HOME_NET is only one IP address, just enter the IP without the slash.

Hope that helps!

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of T Samp.
Sent: Wednesday, August 31, 2005 6:16 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] sfPortscan IP list ?

I am experimenting with the sfPortscan module... When I utilize the ignore_scanners option, I get a Snort error on initialization:

    "No argument to 'ignore_scanners' config option"

I have tried the following:

    ignore_scanners {xxx.xxx.xxx.xxx/32}
    ignore_scanners {$HOME_NET}
    ignore_scanners {[xxx.xxx.xxx.xxx/32]}
    ignore_scanners {[$HOME_NET]}

I guess I can't figure out the syntax for the IP portion of this option. Any nudge in the right direction is greatly appreciated!