Re: sfPortscan in the snort.conf

["Crook, Parker" <Parker_Crook () reyrey com>]

Pat,

Good afternoon.  This is one of those minor syntax issues where you need a space between your IP's and the squiggly 
brackets.  Try the following instead:
ignore_scanners { 69.35.74.64/26 }

Also, remember there is also the option, ignore_scanned!

-Parker

-----Original Message-----
From: Pat McNamara [mailto:pmcnamara () nic nu]
Sent: Wednesday, May 05, 2010 3:26 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] sfPortscan in the snort.conf

Hi all,

I am still working on my snort configuration so i am trying to add an
ignore_scanners to my port scan detection. i have the standard in my
snort.conf

preprocessor sfportscan: proto  { all } memcap { 10000000 }
sense_level { low }

when i try and add ignore_scanners {69.35.74.64/26}  and then try and
restart snort I get this error below. i have hunted on the web for
the answer but have not found it. i am using snort 2.8.5.3


ERROR: /etc/snort/snort.conf(234) => No argument to 'ignore_scanners'
config option.
Fatal Error, Quitting..

Thanks
Pat McNamara
IT Systems Administrator
.NU domain, Ltd.
Worldnames, Inc.
+1-508-359-5600 x116
pmcnamara () nic nu






------------------------------------------------------------------------------
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

------------------------------------------------------------------------------
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users