Snort mailing list archives

Re: is there any way of stopping this?


From: roman () danyliw com
Date: Thu, 31 May 2001 12:55:44 US/Eastern

Ben,

These alerts are caused by the portscan preprocessor and
are not triggered by any rule.  If you want Snort to stop
monitoring for portscans (and prevent these messages from
appearing in your logs), comment out the
"preprocessor portscan: ..." line in your configuration file.

Roman

Hi All.

I have looked at whitehats.com and found no direct reference to this
portscan

--start log view---
05/31-01:53:39.840000  [**] spp_portscan: PORTSCAN DETECTED from
156.46.219.190 (STEALTH) [**]
05/31-01:54:32.255000  [**] spp_portscan: portscan status from
156.46.219.190: 1 connections across 1 hosts: TCP(1), UDP(0) STEALTH [**]
05/31-01:55:35.155000  [**] spp_portscan: End of portscan from
156.46.219.190: TOTAL time(0s) hosts(1) TCP(1) UDP(0) STEALTH [**]
--end log view---

Can it be stopped?
Is there a hole I have missed?

Ben Johansen
Newbie 3rd class



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
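
Added example, not part of the original thread: before commenting out the "preprocessor portscan: ..." line, it can help to see how much of the alert volume is the kind of one-connection STEALTH event quoted above. The Python sketch below parses spp_portscan lines in the format shown in the post, rejoining lines wrapped by the mail client; the function names unwrap and summarize are this example's own, and the sample input is the three log lines from the post.

```python
import re
from collections import defaultdict

# The three log lines quoted in the post, kept with the mail client's wrapping.
SAMPLE = """\
05/31-01:53:39.840000  [**] spp_portscan: PORTSCAN DETECTED from
156.46.219.190 (STEALTH) [**]
05/31-01:54:32.255000  [**] spp_portscan: portscan status from
156.46.219.190: 1 connections across 1 hosts: TCP(1), UDP(0) STEALTH [**]
05/31-01:55:35.155000  [**] spp_portscan: End of portscan from
156.46.219.190: TOTAL time(0s) hosts(1) TCP(1) UDP(0) STEALTH [**]
"""

# A record starts with a MM/DD-HH:MM:SS.usec timestamp.
TS = re.compile(r"^\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d+")
# The closing line of a scan carries the totals.
END = re.compile(
    r"spp_portscan: End of portscan from (\S+): TOTAL time\((\d+)s\) "
    r"hosts\((\d+)\) TCP\((\d+)\) UDP\((\d+)\)( STEALTH)?"
)

def unwrap(text):
    """Join wrapped continuation lines onto the timestamped line before them."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if TS.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def summarize(text):
    """Return {source_ip: [totals, ...]} for each 'End of portscan' record."""
    scans = defaultdict(list)
    for rec in unwrap(text):
        m = END.search(rec)
        if not m:
            continue  # status lines, detection lines, and rule alerts are skipped
        src, secs, hosts, tcp, udp, stealth = m.groups()
        scans[src].append({
            "seconds": int(secs), "hosts": int(hosts),
            "tcp": int(tcp), "udp": int(udp),
            "stealth": stealth is not None,
            # One connection to one host in total, as in the quoted log.
            "single_connection": int(hosts) == 1 and int(tcp) + int(udp) == 1,
        })
    return dict(scans)

if __name__ == "__main__":
    for src, events in summarize(SAMPLE).items():
        print(src, events)
```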




