Re: ignoring udp scans

["Sid" <s_i_d_j () yahoo com>]

I had this line but this is only for my DNS servers, but the portscan
preprocessor logs a lot of DNS talk as portscans. This includes other DNS
servers in the internet hierarchy.

Siddhartha

----- Original Message -----
From: "Neil Dickey" <neil () geol niu edu>
To: <snort-users () lists sourceforge net>; <s_i_d_j () yahoo com>
Sent: Friday, May 04, 2001 8:11 PM
Subject: Re: [Snort-users] ignoring udp scans


> "Sid" <s_i_d_j () yahoo com> wrote asking:
>
> > How do i ignore udp portscans in the portscan preprocessor? Ofcourse, i
am
> > referring to the DNS traffic.
>
> Near the top of your snort configuration file, you will find a line which
> starts like this:
>
>   preprocessor portscan-ignorehosts:
>
> It is probably commented out.  Uncomment it, and list the IP addresses of
> the DNS servers you wish to ignore following the colon and separated by
> spaces:
>
>   preprocessor portscan-ignorehosts: 111.222.333.444 555.666.777.888
>
> Then save the changes and reset Snort.
>
> Best regards,
>
> Neil Dickey, Ph.D.
> Research Associate/Sysop
> Geology Department
> Northern Illinois University
> DeKalb, Illinois
> 60115
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users


_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users