Re: Ignorehosts, once again

[Yonah Russ <yonah () jct ac il>]

On Mon, 2002-12-16 at 16:29, Marc Quibell wrote:
> OK, got another implementation of SNort. Now I forgot how I got it to ignore
> certain SOURCE IPs (such as using the DNS_SERVERS variable. I know there is a
> syntax issue with this. WHat is the exact way to ignore a host source?
>
> I currently have:
> var DNS_SERVERS [207.108.40.###,207.108.40.###]
> preprocessor portscan-ignorehosts: $DNS_SERVERS

I had  a similar problem- which portscan preprocessor are you using? 1,2
or both? If you are using 2, make sure to put in a line
portscan2-ignorehosts (note the 2) and put it after the portscan2 line

hope that helps 

> THis does not work. I've seen several variations, none of which work: It still
> gets alerts from these hosts.
>
> TIA
>
> Marc
>
>
>
>
> -------------------------------------------------------
> This sf.net email is sponsored by:
> With Great Power, Comes Great Responsibility 
> Learn to use your power at OSDN's High Performance Computing Channel
> http://hpc.devchannel.org/
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- 
Yonah Russ <yonah () jct ac il>
Jerusalem College of Technology



-------------------------------------------------------
This sf.net email is sponsored by:
With Great Power, Comes Great Responsibility 
Learn to use your power at OSDN's High Performance Computing Channel
http://hpc.devchannel.org/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users