Snort mailing list archives
Portscan2...
From: Tobias Rice <rice () up edu>
Date: Sat, 22 Mar 2003 08:54:42 -0800 (PST)
I'm using portscan2, and I'm getting many alerts from myself: (spp_portscan2) Portscan detected from 111.222.333.444: 21 targets 21 ports in 0 seconds (names changed to protect the innocent) Mostly DNS lookup I think (port 53) So, how do I prevent this? I tried this: preprocessor portscan2-ignorehosts: 111.222.333.444 and now I don't get any alerts when I'm portscanned. I want to ignore alerts from 111.222.333.444 port 53 and 5060, (or any scans coming FROM me) yet still detect all other incoming scans. Many thanks in advance! ------------------------------------------------------- This SF.net email is sponsored by:Crypto Challenge is now open! Get cracking and register here for some mind boggling fun and the chance of winning an Apple iPod: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0031en _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Portscan2... Tobias Rice (Mar 22)
- Re: Portscan2... Erek Adams (Mar 22)
- Re: Portscan2... Tobias Rice (Mar 22)
- Re: Portscan2... Erek Adams (Mar 22)
- Re: Portscan2... Tobias Rice (Mar 22)
- Re: Portscan2... Erek Adams (Mar 22)
- Re: Portscan2... Tobias Rice (Mar 22)
- Re: Portscan2... Alberto Gonzalez (Mar 22)
- Re: Portscan2... Alberto Gonzalez (Mar 22)
- Re: Portscan2... Tobias Rice (Mar 22)
- Re: Portscan2... Erek Adams (Mar 22)
- Re: Portscan2... Jim Burwell (Mar 22)
- Re: Portscan2... Erek Adams (Mar 23)