Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: spp_portscan2 questions

From: "Gillham, Chris" <Chris.Gillham () Maritz com>
Date: Thu, 24 Oct 2002 12:32:05 -0500
Is there a way to ignore portscans TO a specific host versus FROM a
specific host?  User surfing actions are causing the return traffic to
generate port scan alerts against my firewall's public interface.

Thanks in advance!

        Chris

--
Chris Gillham, Maritz Global Technology Services - Internet Team
MARITZ INC.
1355 North Highway Drive, Fenton MO 63099
phone 636-827-1072, efax 413-702-1971, mobile 314-583-5910

e-mail: chris.gillham () maritz com
-- 



-----Original Message-----
From: Alberto Gonzalez [mailto:ag-snort () cerebro violating us]
Sent: Friday, October 18, 2002 3:47 PM
To: Pauling
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] spp_portscan2 questions


actually, with 'preprocessor portscan2-ignorehosts: x.x.x.x' it will 
just ignore all portscans from that
specific host. No need to specify a certain port when you want to ignore

them.....

Pauling wrote:


Having looked around, I don't see any way for me to tell portscan2 to 
ignore portscans from certain hosts... does anybody know if there is

such 

a way, and also if there is a way to specify, "Ignore portscans from 
certain hosts from certain ports" specifially?

Many Thanks

 



-- 
The secret to success is to start from scratch and keep on scratching.




-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


<font size="1">Confidentiality Warning:  This e-mail contains information intended only for the use of the individual 
or entity named above.  If the reader of this e-mail is not the intended recipient or the employee or agent responsible 
for delivering it to the intended recipient, any dissemination, publication or copying of this e-mail is strictly 
prohibited. The sender does not accept any responsibility for any loss, disruption or damage to your data or computer 
system that may occur while using data contained in, or transmitted with, this e-mail.   If you have received this 
e-mail in error, please immediately notify us by return e-mail.  Thank you.



-------------------------------------------------------
This sf.net email is sponsored by: Influence the future
of Java(TM) technology. Join the Java Community
Process(SM) (JCP(SM)) program now.
http://ads.sourceforge.net/cgi-bin/redirect.pl?sunm0003en
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: