Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: portscan preprocessor and external net

From: Jason Brvenik <jasonb () sourcefire com>
Date: Tue, 29 Nov 2005 09:34:35 -0500
Variables are not supported for preprocessors. You need to use the
actual definitions of the networks and not the variable itself.

marco turr wrote:

  Hi,
I have a problem with portscan preprocessor.
I need to detect scan from $home -> $home and scan from $home -> any.
I see that in sfportscan and flow-portscan preprocessor there are
options like src-ignore-net or ignore-scanners.
Now if i set one of this options at $EXTERNAL_NET (where  EXTERNAL_NET
is !$HOME_NET) i get an error.
How can i resolve this?
Thanks a lot

------------------------------------------------------------------------
*Yahoo! Mail*
<http://us.rd.yahoo.com/mail_it/taglines/*http://it.mail.yahoo.com>:
gratis 1GB per i messaggi, antispam, antivirus, POP3



-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: