Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Ignorehosts, once again

From: "Brandis Jaroslav" <jaroslav.brandis () softec sk>
Date: Tue, 17 Dec 2002 09:14:57 +0100
OK, got another implementation of SNort. Now I forgot how I 
got it to ignore certain SOURCE IPs (such as using the 
DNS_SERVERS variable. I know there is a syntax issue with 
this. WHat is the exact way to ignore a host source?

I currently have:
var DNS_SERVERS [207.108.40.###,207.108.40.###]
preprocessor portscan-ignorehosts: $DNS_SERVERS

THis does not work. I've seen several variations, none of 
which work: It still gets alerts from these hosts.


I got same problem.  It's problem of config directive order.
Preprocessor ignoreshost must be after Preprocessor portscan
If you are using portscan2 you can use preprocessor
portscan2-ignorehosts: blabla

Use this order:

var DNS_SERVERS [207.108.40.###,207.108.40.###]
preprocessor portscan blablabla
preprocessor portscan-ignorehosts: $DNS_SERVERS


-------------------------------------------------------
This sf.net email is sponsored by:
With Great Power, Comes Great Responsibility
Learn to use your power at OSDN's High Performance Computing Channel
http://hpc.devchannel.org/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: