Snort mailing list archives
Re: sfportscan - open ports
From: hchlai () netscape net (Hin)
Date: Fri, 01 Apr 2005 17:49:16 -0500
Thanks Jeremy... I believe I'll wait for 2.4 to come out. I can't find the patch that you indicated on the web, but any assistance would be appreciated.

I'm just curious: since sfportscan is a preprocessor, I would think that threshold.conf will not work on it. Data seems to flow from physical link -> packet capture kernel module or pcap -> snort decoder -> snort preprocessor -> snort signature file. I thought threshold.conf will only interact after the preprocessor passes the info to the signature file. Am I correct?

Many thanks!
Hin

Jeremy Hewlett <jh () sourcefire com> wrote:
On Tue, Mar 29, Hin wrote:
Can someone give me some advice on how to suppress the "portscan: open port" alert? I have put "suppress gen_id 122, sig_id 27" on the

Hin - There is a fix for this in CVS' SNORT_2_3 branch. Could you check out this branch and let me know if it suits your needs?
Current thread:
- Re: sfportscan - open ports Hin (Apr 01)
- Re: sfportscan - open ports Jeremy Hewlett (Apr 04)