Snort mailing list archives
portscan-ignorehosts for portscan2? (was Re: Portscan from self?)
From: Bennett Todd <bet () rahul net>
Date: Tue, 8 Oct 2002 13:26:03 -0400
2002-10-08-11:30:33 Miller, Eoin:
in your snort.conf file you will see this var IGNORE_PORTSCAN [w.x.y.z,w.x.y.z]
Would that I did. I don't see that in my snort.conf, nor anywhere else in my (1.9.0) snort rules. What's more, I'm having trouble tuning portscan2; it doesn't seem to be honoring portscan-ignorehosts. The easiest way I've found to tune it down for false-positives on legit servers is to use BPF to completely blind snort to those servers. This seems suboptimal to me. -Bennett
Attachment:
_bin
Description:
Current thread:
- Portscan from self? Marc Thomas (Oct 08)
- <Possible follow-ups>
- RE: Portscan from self? Miller, Eoin (Oct 08)
- portscan-ignorehosts for portscan2? (was Re: Portscan from self?) Bennett Todd (Oct 08)
- Re: portscan-ignorehosts for portscan2? (was Re: Portscan from self?) Erek Adams (Oct 08)
- portscan-ignorehosts for portscan2? (was Re: Portscan from self?) Bennett Todd (Oct 08)