Snort mailing list archives
RE: spp_portscan2 questions
From: "Gillham, Chris" <Chris.Gillham () Maritz com>
Date: Thu, 24 Oct 2002 12:32:05 -0500
Is there a way to ignore portscans TO a specific host versus FROM a specific host? User surfing actions are causing the return traffic to generate port scan alerts against my firewall's public interface. Thanks in advance! Chris -- Chris Gillham, Maritz Global Technology Services - Internet Team MARITZ INC. 1355 North Highway Drive, Fenton MO 63099 phone 636-827-1072, efax 413-702-1971, mobile 314-583-5910 e-mail: chris.gillham () maritz com -- -----Original Message----- From: Alberto Gonzalez [mailto:ag-snort () cerebro violating us] Sent: Friday, October 18, 2002 3:47 PM To: Pauling Cc: snort-users () lists sourceforge net Subject: Re: [Snort-users] spp_portscan2 questions actually, with 'preprocessor portscan2-ignorehosts: x.x.x.x' it will just ignore all portscans from that specific host. No need to specify a certain port when you want to ignore them..... Pauling wrote:
Having looked around, I don't see any way for me to tell portscan2 to ignore portscans from certain hosts... does anybody know if there is
such
a way, and also if there is a way to specify, "Ignore portscans from certain hosts from certain ports" specifially? Many Thanks
-- The secret to success is to start from scratch and keep on scratching. ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users <font size="1">Confidentiality Warning: This e-mail contains information intended only for the use of the individual or entity named above. If the reader of this e-mail is not the intended recipient or the employee or agent responsible for delivering it to the intended recipient, any dissemination, publication or copying of this e-mail is strictly prohibited. The sender does not accept any responsibility for any loss, disruption or damage to your data or computer system that may occur while using data contained in, or transmitted with, this e-mail. If you have received this e-mail in error, please immediately notify us by return e-mail. Thank you. ------------------------------------------------------- This sf.net email is sponsored by: Influence the future of Java(TM) technology. Join the Java Community Process(SM) (JCP(SM)) program now. http://ads.sourceforge.net/cgi-bin/redirect.pl?sunm0003en _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- spp_portscan2 questions Pauling (Oct 18)
- Re: spp_portscan2 questions Bennett Todd (Oct 18)
- Re: spp_portscan2 questions Alberto Gonzalez (Oct 18)
- <Possible follow-ups>
- RE: spp_portscan2 questions Gillham, Chris (Oct 24)