Snort mailing list archives
Re: Ignorehosts, once again
From: Yonah Russ <yonah () jct ac il>
Date: 16 Dec 2002 17:14:24 +0200
On Mon, 2002-12-16 at 16:29, Marc Quibell wrote:
OK, got another implementation of SNort. Now I forgot how I got it to ignore certain SOURCE IPs (such as using the DNS_SERVERS variable. I know there is a syntax issue with this. WHat is the exact way to ignore a host source? I currently have: var DNS_SERVERS [207.108.40.###,207.108.40.###] preprocessor portscan-ignorehosts: $DNS_SERVERS
I had a similar problem- which portscan preprocessor are you using? 1,2 or both? If you are using 2, make sure to put in a line portscan2-ignorehosts (note the 2) and put it after the portscan2 line hope that helps
THis does not work. I've seen several variations, none of which work: It still gets alerts from these hosts. TIA Marc ------------------------------------------------------- This sf.net email is sponsored by: With Great Power, Comes Great Responsibility Learn to use your power at OSDN's High Performance Computing Channel http://hpc.devchannel.org/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- Yonah Russ <yonah () jct ac il> Jerusalem College of Technology ------------------------------------------------------- This sf.net email is sponsored by: With Great Power, Comes Great Responsibility Learn to use your power at OSDN's High Performance Computing Channel http://hpc.devchannel.org/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Ignorehosts, once again Marc Quibell (Dec 16)
- Re: Ignorehosts, once again Yonah Russ (Dec 17)
- <Possible follow-ups>
- RE: Ignorehosts, once again Brandis Jaroslav (Dec 17)
- Ignorehosts, once again Marc Quibell (Dec 17)