Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: unknown destination ip and portscan false alerts

From: Always Bishan <bishan4u () yahoo co uk>
Date: Sat, 8 Mar 2003 10:04:25 +0000 (GMT)
hi


Signature: portscan
alert: spp_portscan detected from 192.168.0.11
(THRESHOLD              
       4 connections exceeded in 0 seconds) 
source ip: 192.168.0.11 
destination ip: unknown 
proto: IP   



use portscan-ignorehosts, 
syntax is 'preprocessor portscan-ignorehosts:
x.x.x.x'



1) here the problem i'm facing is that the destination
IP  address is *unknown* as logged by acid.

2) instead of ignoring hosts, i want to ignore ports
 
Regards,
Bishan

__________________________________________________
Do You Yahoo!?
Everything you'll ever need on one web page
from News and Sport to Email and Music Charts
http://uk.my.yahoo.com


-------------------------------------------------------
This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger 
for complex code. Debugging C/C++ programs can leave you feeling lost and 
disoriented. TotalView can help you find your way. Available on major UNIX 
and Linux platforms. Try it free. www.etnus.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: