Re: spp_portscan msg

[Erek Adams <erek () theadamsfamily net>]

On Fri, 7 Jun 2002 DICEJ () skyway usask ca wrote:

> I recently began using snort and I'm trying to sort out the msg
> you get.  One that keeps comming up is a spp_portscan.  I can not find
> the alert that records the msg. any idea?  I know this is a false because the
> machine identified in the error is my nat/firewall external interface.

There isn't an alert.

It's from a pre-processor.  Read thru the snort.conf file.  There are explicit
instructions on how to add a 'portscan ignorehost' to the .conf--Which is what
you seem to want to do.

And those alerts might be false, might not be....  Someone could be spoofing
your address....  :)  C'mon, ya gotta be paranoid a little bit!  :)

Cheers!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net


_______________________________________________________________

Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas - http://devcon.sprintpcs.com/adp/index.cfm?source=osdntextlink

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users