Snort mailing list archives
portscan-ignoreports
From: "Jonathan J. Hart" <jhart () ccs neu edu>
Date: Wed, 15 Aug 2001 10:44:34 -0400 (EDT)
Hi there, First off, snort rules. Second, the new snort site looks great. On a few of our busier machines, my portscan log seems to get very large. Ports 110 and 113 (pop, ident) make up most of the apparent scans. Whether or not these are in fact real scans, or there is some wonkiness going on between two machines is a matter of opinion. The ability to ignore certain hosts when tracking portscan activity is very handy, but I think that a feature that allows you to select certain ports to ignore would be just as cool. Thoughts? -jon _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- portscan-ignoreports Jonathan J. Hart (Aug 15)