Snort mailing list archives
Re: Preprocessor port scan ignore host
From: Joel Esler <joel.esler () sourcefire com>
Date: Tue, 20 Dec 2005 10:55:22 -0500
You could enter the netrange of your internal servers ex. 192.168.1.0/24 in the ignore_scanners line in sfportscan. Check out the Manual for all kinds of tuning options on sfportscan. Joel On 12/20/05 10:52 AM, "Joshua Brown" <joshua.l.b () gmail com> wrote:
Can any one tell me how to ignore a large group of host from being seen as port scanning? This would be mostly to ignore internal servers. ~Joshua
Current thread:
- Preprocessor port scan ignore host Joshua Brown (Dec 20)
- Re: Preprocessor port scan ignore host Joel Esler (Dec 20)