Snort mailing list archives

Re: Snort 1.9 problem


From: Alberto Gonzalez <ag-snort () cerebro violating us>
Date: Mon, 21 Oct 2002 23:51:11 -0700

Like spp_portscan, spp_portscan2 has 'ignore-hosts' as well....

- 2 cents

hope it helps

   - Albert

Security Admin wrote:

I updated my snort installation (3 sensors and a central console) to 1.9.0 last week. I reviewed the new snort.conf files and everything looks fine. The problem I am having is it is logging portscans to my database from IPs which are in my preprocessor portscan ignore-hosts list. These IPs are my external DNS, firewall IP and web proxy (needless to say they are chatty). I have turned on the new Portscan2 preprocessor, and all the alerts from these IPs show as (spp_portscan2). Is there some way to exclude IP addresses from the Portscan2 preprocessor, assuming of course my assumption is correct and this is where these alerts are originating? I was previously running 1.8.7 and this wasn't an issue.

Any input would be greatly appreciated.

Cheers,

Wayne


--
The secret to success is to start from scratch and keep on scratching.



