Snort mailing list archives

how do you remove local subnet from scan.rules


From: Mike Dodor <dodes1 () yahoo com>
Date: Thu, 12 Aug 2004 05:36:18 -0700 (PDT)

I'm looking for help with the proper syntax that will allow me to ignore scan alerts where the source and destination
are the same subnet.
The logs are getting overwhelmed with ssp_portscan2 alerts from the DC's to our Webmail frontends. 
So I'm looking for a little help in how best to edit the scan.rules so it will ignore any ssp_portscan2's from within 
the same subnet.
 
Thanks,
MikeD

                
