Snort mailing list archives
NEWBIE: portscan tuning
From: eboo () softhome net
Date: Fri, 26 Oct 2001 06:08:27 GMT
Hi all,

Sorry if this has been asked before. I've read the manual but still am not sure what I am doing wrong. I get portscan alerts from snort when I access the web:

[**] [100:1:1] spp_portscan: PORTSCAN DETECTED from a.b.c.d (THRESHOLD 5 connections exceeded in 6 seconds) [**]
10/17-17:14:52.252947

/etc/snort/snort.conf:

var DNS_SERVERS a.b.c.d
preprocessor portscan: $HOME_NET 4 3 portscan.log
(I've also tried commenting out the above line, same effect)
preprocessor portscan-ignorehosts: $DNS_SERVERS

How do I get snort to not report portscans from my machine or any network which I specify?

Thanks.
Eric