Snort mailing list archives
RE: portscan target filter ?
From: "L. Christopher Luther" <CLuther () Xybernaut com>
Date: Wed, 23 Apr 2003 13:27:13 -0400
Glad the "ignore..." options worked. As for enhancement requests, the closest I can point you would be the Snort Developer's list [0].

Cheers!

[0] http://lists.sourceforge.net/lists/listinfo/snort-devel

-----Original Message-----
From: Charles Gillet [mailto:charles () federales com]
Sent: Tuesday, April 22, 2003 6:17 PM
To: L. Christopher Luther
Cc: Snort-Users (E-mail)
Subject: Re: [Snort-users] portscan target filter ?

A combination of ignorehosts and ignoreports-from has cut down on my false positives considerably. Thanks!

It wasn't clear to me how I might go about filing an enhancement request. Can someone point me in the right direction?

-charles

L. Christopher Luther wrote:

Did you get an answer to your question? I never saw a response on the list.

If not, other than:

preprocessor portscan2-ignorehosts:
preprocessor portscan2-ignoreports-to:
preprocessor portscan2-ignoreports-from:

and

preprocessor portscan-ignorehosts:

I'm not aware of any other mechanism that meets your needs. Well, except BPF filter on the command line.

Cheers!

-----Original Message-----
From: Charles Gillet [mailto:charles () federales com]
Sent: Wednesday, April 16, 2003 2:12 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] portscan target filter ?

Hi There,

I would like to filter out a list of port scan target ip's as well as source ip's. I don't see an easy way to do this with either of the two portscan preprocessors. Has anyone come up with a way to do this? I'm running 2.0.0.

thanks for any help,
-charles

-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users