Snort mailing list archives
Re: No clue?
From: Matt Kettler <mkettler () evi-inc com>
Date: Tue, 15 Nov 2005 14:09:33 -0500
John Friedman wrote:
> Hi all, Since I did not get any reply on this, is there any way to suppress or pass this alert?

Suggestion: look at the ignorehosts option for portscan.

Pass definitely will not work. Since pass is a rule, it can only work if the offending traffic is matching a rule.

You might be able to suppress it, but you'd probably wind up having to suppress all portscans... It's generally best to configure your portscan plugins properly in the first place.

Actually, if you're monitoring an internal LAN, you'll probably just want to turn it off or turn the thresholds way up.