Snort mailing list archives

Re: Preprocessor port scan ignore host


From: Joel Esler <joel.esler () sourcefire com>
Date: Tue, 20 Dec 2005 10:55:22 -0500

You could enter the netrange of your internal servers ex. 192.168.1.0/24 in
the ignore_scanners line in sfportscan.  Check out the Manual for all kinds
of tuning options on sfportscan.

Joel


On 12/20/05 10:52 AM, "Joshua Brown" <joshua.l.b () gmail com> wrote:

Can anyone tell me how to ignore a large group of hosts from being seen as
port scanning? This would be mostly to ignore internal servers.

~Joshua
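
The ignore_scanners option mentioned in the reply, shown in an sfportscan preprocessor line for snort.conf. This is an added example, not part of the original thread: 192.168.1.0/24 is the range from the reply, while the single host 10.0.0.5 and the proto, scan_type and sense_level values are assumptions chosen for illustration.

```conf
# snort.conf (Snort 2.x): sfportscan with a list of scan sources to ignore.
# ignore_scanners takes a comma-separated list of IP addresses and CIDR ranges;
# portscan alerts whose source falls inside the list are not generated.
#   192.168.1.0/24  range from the reply (internal servers)
#   10.0.0.5        constructed example of an additional single host
preprocessor sfportscan: proto { all } \
    scan_type { all } \
    sense_level { low } \
    ignore_scanners { 192.168.1.0/24,10.0.0.5 }
```

Hosts in the ignored ranges no longer raise portscan alerts as sources, including if one of them is later compromised and starts scanning, so the list is best kept to the specific servers that trigger false positives.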


