Re: [Snort-users] portscan2-ignoreports...anyone get it to work???

[Erek Adams <erek () snort org>]

[Cross posting removed]

On Thu, 20 Mar 2003, Jeff Oliveto wrote:

> Has anyone confirmed that the "preprocessor portscan2-ignoreports: s1 s2
> d1 d2" variable works?

[...snip...]

Two things:

        *  Move any portscan2-ignore* lines below the inital portscan2
line in snort.conf.
        *  Use the right format.  :)

          preprocessor portscan2-ignoreports-to:
          preprocessor portscan2-ignoreports-from:

Verify that by a simple grep:

  [erek@it]/usr/local/build/cvs/snort/src/preprocessors>grep ignoreport
  spp_portscan2.{c,h}
  spp_portscan2.c: * - added ignoreports
  spp_portscan2.c:                     "portscan2-ignoreports,
  ignoring.\n",
  spp_portscan2.c:                     "portscan2-ignoreports");
  spp_portscan2.c:                 "portscan2-ignoreports directive\n",
  spp_portscan2.c:                 "portscan2-ignoreports\n", file_name,
  file_line);
  spp_portscan2.c:    RegisterPreprocessor("portscan2-ignoreports-from",
  InitIgnoreFrom);
  spp_portscan2.c:    RegisterPreprocessor("portscan2-ignoreports-to",
  InitIgnoreTo);

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users