Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Portscan2-ignorehosts

From: Matt Kettler <mkettler () evi-inc com>
Date: Thu, 11 Sep 2003 13:41:42 -0400
At 10:40 AM 9/11/2003 -0300, zottmann () ig com br wrote:

I have seen some e-mail messages talking about the Portscan2-ignorehosts
preprocessor, but I canĀ“t find it for download anywhere....

Are they talking about Portscan-ignorehosts instead, or I am missing
something?
No, they are two separate things, and you don't need to download anything for it.
Just like portscan has an ignorehosts option, portscan2 has an ignore option. Providing you're running a version of snort that has portscan2 support, you can do a line like this: 

preprocessor portscan2-ignorehosts: 10.1.1.1

Just the same as you can do:
preprocessor portscan-ignorehosts: 10.1.1.1
However these two statements are for completely different preprocessors. If you're using classic portscan, use portscan-ignorehosts. If you're using portscan2, use portscan2-ignorehosts. 






-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: