Snort mailing list archives
Re: is there anyway of stoping this?
From: roman () danyliw com
Date: Thu, 31 May 2001 12:55:44 US/Eastern
Ben, These alerts are caused by the portscan pre-processer and are not triggered by any rule. If you want to Snort to stop monitoring for portscans (and prevent these messages from appearing in your logs), comment out the "preprocessor portscan: ..." line in your configuration file. Roman
Hi All. I have looked at whitehats.com and found not direct reference to this portscan --start log view--- 05/31-01:53:39.840000 [**] spp_portscan: PORTSCAN DETECTED from 156.46.219.190 (STEALTH) [**] 05/31-01:54:32.255000 [**] spp_portscan: portscan status from 156.46.219.190: 1 connections across 1 hosts: TCP(1), UDP(0) STEALTH [**] 05/31-01:55:35.155000 [**] spp_portscan: End of portscan from 156.46.219.190: TOTAL time(0s) hosts(1) TCP(1) UDP(0) STEALTH [**] --end log view--- Can it be stopped? Is there a hole I have missed? Ben Johansen Newbie 3rd class _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
--------------------------------------------- This message was sent using Voicenet WebMail. http://www.voicenet.com/webmail/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- is there anyway of stoping this? Ben Johansen (May 31)
- Re: is there anyway of stoping this? Ryan Russell (May 31)
- <Possible follow-ups>
- Re: is there anyway of stoping this? roman (May 31)
- Re: is there anyway of stoping this? Neil Dickey (May 31)