Snort mailing list archives

Portscan2...


From: Tobias Rice <rice () up edu>
Date: Sat, 22 Mar 2003 08:54:42 -0800 (PST)

I'm using portscan2, and I'm getting many alerts from myself:
(spp_portscan2) Portscan detected from 111.222.333.444: 21 targets 21 ports in 0 seconds
(names changed to protect the innocent)

Mostly DNS lookups, I think (port 53).

So, how do I prevent this? I tried this:
preprocessor portscan2-ignorehosts: 111.222.333.444
and now I don't get any alerts when I'm portscanned.

I want to ignore alerts from 111.222.333.444 ports 53 and 5060 (or any 
scans coming FROM me), yet still detect all other incoming scans.

Many thanks in advance!



