Snort mailing list archives

AW: (Snort-users) NEWBIE: portscan tuning


From: <sandro.poppi () wacker com>
Date: Mon, 29 Oct 2001 07:56:00 +0100


Try

var DNS_SERVERS [a.b.c.d/32]

or, if you want to put in more, i.e. a host and a class C network

var DNS_SERVERS [a.b.c.d/32,w.x.y.z/24]

HTH,
Sandro

-----Original Message-----
From: Legus <eboo () softhome net> at internet
Sent: Sunday, 28 October 2001 11:54
To: snort-users () lists sourceforge net at Internet
Subject: RE: [Snort-users] NEWBIE: portscan tuning


Sorry,

This problem is driving me crazy. Any help? Is my conf setting wrong
with respect to the portscan?

Please help, thanks.

* eboo () softhome net (eboo () softhome net) wrote:

Hi all,

Sorry if this has been asked before. I've read the manual but still am not
sure what I am doing wrong.

I get portscan alerts from snort when I access the web:

[**] [100:1:1] spp_portscan: PORTSCAN DETECTED from a.b.c.d
(THRESHOLD 5 connections exceeded in 6 seconds) [**]
10/17-17:14:52.252947

/etc/snort/snort.conf:

var DNS_SERVERS a.b.c.d

preprocessor portscan: $HOME_NET 4 3 portscan.log
(I've also tried commenting out the above line, same effect)

preprocessor portscan-ignorehosts: $DNS_SERVERS


How do I get snort to not report portscans from my machine or
any network which I specify?

Thanks.

Eric

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
