Re: No clue?

[John Friedman <jfriedmanx () yahoo com>]

Thank you for your reply.  If I comment out 
# preprocessor sfportscan:
the snort service can not be started.  Also, what's
the syntax to ignore this host from sf portscan?

Thansk for your help,

John

--- Matt Kettler <mkettler () evi-inc com> wrote:

> John Friedman wrote:
> > Hi all,
> >  
> > Since I did not get any reply on this, is there
> any way to suppress or
> > pass this alert?
> >  
>
> Suggestion: look at the ignorehosts option for
> portscan.
>
> Pass definitely will not work. Since pass is a rule,
> it can only work if the
> offending traffic is matching a rule.
>
> You might be able to suppress it, but you'd probably
> wind up having to suppress
> all portscans...
>
> It's generally best to configure your portscan
> plugins properly in the first
> place. Actually, if you're monitoring an internal
> LAN, you'll probably just want
> to turn it off or turn the thresholds way up.



                
__________________________________ 
Start your day with Yahoo! - Make it your home page! 
http://www.yahoo.com/r/hs


-------------------------------------------------------
This SF.Net email is sponsored by the JBoss Inc.  Get Certified Today
Register for a JBoss Training Course.  Free Certification Exam
for All Training Attendees Through End of 2005. For more info visit:
http://ads.osdn.com/?ad_id=7628&alloc_id=16845&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users