Snort mailing list archives

preprocessor portscan2-ignorehosts + "WEBTRAFFIC"


From: "mike Hughes" <mikehughes013 () hotmail com>
Date: Fri, 14 Mar 2003 13:03:00 -0800

Hello,

I am trying to cut back on the false alarms I receive. I get a lot of "web traffic" like this in my ACID console alerts after I visit sites like www.MSN.com, etc. I want to try to stop all these alerts, so (192.173.60.183 being my IP address, eth0_ADDRESS):
########################################################################
#0-(2-1295) [snort] (spp_portscan2) Portscan detected from 192.173.60.183: 6 targets 6 ports in 1186 seconds 2003-03-14 13:08:16 192.173.60.183:53 208.38.45.164:53 UDP
#1-(2-1294) [snort] (spp_portscan2) Portscan detected from 208.38.45.177: 1 targets 21 ports in 16 seconds 2003-03-14 12:46:09 208.38.45.177:80 192.173.60.183:3172 TCP
#2-(2-1293) [snort] (spp_portscan2) Portscan detected from 192.173.60.183: 6 targets 6 ports in 13 seconds 2003-03-14 12:45:53 192.173.60.183:53 12.47.217.11:53 UDP
#3-(2-1292) [snort] (spp_portscan2) Portscan detected from 64.4.8.24: 1 targets 21 ports in 3 seconds 2003-03-14 12:44:33 64.4.8.24:80 192.173.60.183:3121 TCP
########################################################################
So I have "preprocessor portscan2" enabled and I added a few things to "preprocessor portscan2-ignorehosts", but they both come back with errors when I start "SNORTD". Here are the 2 things that I tried to add:

preprocessor portscan2-ignorehosts: $DNS_SERVERS, $eth0_ADDRESS
preprocessor portscan2: scanners_max 3200, targets_max 5000, target_limit 5, port_limit 20, timeout 60
AND:
preprocessor portscan2-ignorehosts: [$DNS_SERVERS, $eth0_ADDRESS]

Any idea on how to write this line properly and/or another way to stop all these alerts I get? Thanks

Mike




