Snort mailing list archives
Re: Ingoring Hosts
From: Erek Adams <erek () theadamsfamily net>
Date: Sun, 11 Nov 2001 11:09:36 -0800 (PST)
On Sun, 11 Nov 2001, Ayse Ekinci wrote:
> Although I have an entry to ignore a couple of my servers (yp, networking
> monitoring etc) ...:
>
>     portscan-ignorehosts: x.x.x.1/32 x.x.x.2/32
>
> Snort still will not ignore them and I still receive the following messages
> via syslog:
>
>     2 in 0:15:36: my_host snort: [ID 702911 local1.notice] spp_portscan: portscan status from x.x.x.1: 5 connections across 1 hosts: TCP(2), UDP(3)
>     Nov 11 19:59:19 my_host snort: [ID 702911 local1.notice] spp_portscan: End of portscan from x.x.x.2: TOTAL time(1s) hosts(1) TCP(0) UDP(5)
>     2 in 1:00:00: my_host snort: [ID 702911 local1.notice] spp_portscan: PORTSCAN DETECTED from x.x.x.3 (THRESHOLD 4 connections exceeded in 0 seconds)
>
> Can anyone tell me what have I missed - please.
Try this:

    portscan-ignorehosts: [x.x.x.1/32,x.x.x.2/32]

This snippet from the snort.conf file gives you some more info about it...

    ---
    # You can specify lists of IP addresses for HOME_NET
    # by separating the IPs with commas like this:
    #
    # var HOME_NET [10.1.1.0/24,192.168.1.0/24]
    #
    # MAKE SURE YOU DON'T PLACE ANY SPACES IN YOUR LIST!
    ---

That should get you fixed up.

Hope that helps!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net
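A check for the list form suggested in the reply above, added here as an example and not part of the original post or of Snort: it scans snort.conf text for `portscan-ignorehosts:` and `var` lines whose address lists contain spaces or are not bracketed, and returns the rewritten line. The function name, the `DNS_SERVERS` variable and the sample config (documentation addresses) are constructed for illustration.

```python
import re

# Lines carrying an address list. The "preprocessor" prefix is optional
# because the post quotes the directive without it.
DIRECTIVE = re.compile(
    r"^\s*(?P<head>(?:preprocessor\s+)?portscan-ignorehosts:|var\s+\w+)"
    r"\s+(?P<value>.+?)\s*$"
)

def check_config(text):
    """Return (line_no, problem, suggested_line) for each list that is not
    in the bracketed, comma-separated, space-free form from the reply."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        # Drop comments so commented-out examples are not reported.
        m = DIRECTIVE.match(line.split("#", 1)[0])
        if not m:
            continue
        value = m.group("value")
        items = [i for i in re.split(r"[\s,]+", value.strip("[]")) if i]
        if len(items) < 2:
            continue  # a single address or keyword is not a list
        fixed = "[" + ",".join(items) + "]"
        if value != fixed:
            problem = ("spaces in list" if re.search(r"\s", value)
                       else "list not bracketed")
            findings.append((no, problem, f"{m.group('head')} {fixed}"))
    return findings

# Constructed sample config; addresses are from the 192.0.2.0/24
# documentation range, DNS_SERVERS is an illustrative variable name.
SAMPLE = """\
# var HOME_NET [10.1.1.0/24, 192.168.1.0/24]
var HOME_NET [10.1.1.0/24,192.168.1.0/24]
var DNS_SERVERS [192.0.2.53, 192.0.2.54]
portscan-ignorehosts: 192.0.2.1/32 192.0.2.2/32
"""

if __name__ == "__main__":
    for no, problem, suggestion in check_config(SAMPLE):
        print(f"line {no}: {problem}; use: {suggestion}")
```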