Snort mailing list archives
RE: Ignorehosts, once again
From: "Brandis Jaroslav" <jaroslav.brandis () softec sk>
Date: Tue, 17 Dec 2002 09:14:57 +0100
OK, got another implementation of Snort. Now I forgot how I got it to ignore certain SOURCE IPs (such as using the DNS_SERVERS variable). I know there is a syntax issue with this. What is the exact way to ignore a host source? I currently have:

var DNS_SERVERS [207.108.40.###,207.108.40.###]
preprocessor portscan-ignorehosts: $DNS_SERVERS

This does not work. I've seen several variations, none of which work: it still gets alerts from these hosts.
I got the same problem. It's a problem of config directive order. Preprocessor ignorehosts must be after preprocessor portscan. If you are using portscan2 you can use:

preprocessor portscan2-ignorehosts: blabla

Use this order:

var DNS_SERVERS [207.108.40.###,207.108.40.###]
preprocessor portscan blablabla
preprocessor portscan-ignorehosts: $DNS_SERVERS
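A way to check a snort.conf for the ordering rule given in the reply above, as an added example that is not part of the original thread or of Snort itself. The function name, the sample addresses (192.0.2.0/24 documentation range) and the portscan arguments are constructed for illustration.

```python
import re

# "preprocessor <name>" with an optional ": args" tail (Snort 1.x config syntax)
PREPROC = re.compile(r"^\s*preprocessor\s+([\w-]+)\s*(?::\s*(.*))?$")
VAR = re.compile(r"^\s*var\s+(\w+)\s+\S")
VAR_REF = re.compile(r"\$(\w+)")

# Constructed sample configs: the failing order from the question, then the fixed order.
BAD_CONF = """\
var DNS_SERVERS [192.0.2.10/32,192.0.2.11/32]
preprocessor portscan-ignorehosts: $DNS_SERVERS
preprocessor portscan: $HOME_NET 4 3 portscan.log
"""
GOOD_CONF = """\
var DNS_SERVERS [192.0.2.10/32,192.0.2.11/32]
preprocessor portscan: $HOME_NET 4 3 portscan.log
preprocessor portscan-ignorehosts: $DNS_SERVERS
"""


def check_ignorehosts_order(conf_text):
    """Return (line_number, message) for each ordering problem found."""
    problems = []
    defined_vars = set()   # names set with "var" so far
    loaded = set()         # preprocessor names seen so far
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        m = VAR.match(line)
        if m:
            defined_vars.add(m.group(1))
            continue
        m = PREPROC.match(line)
        if not m:
            continue
        name, args = m.group(1), m.group(2) or ""
        if name.endswith("-ignorehosts"):
            # portscan-ignorehosts pairs with portscan, portscan2-ignorehosts with portscan2
            parent = name[: -len("-ignorehosts")]
            if parent not in loaded:
                problems.append((lineno, f"{name} appears before preprocessor {parent}"))
            for ref in VAR_REF.findall(args):
                if ref not in defined_vars:
                    problems.append((lineno, f"${ref} is used before it is defined"))
        loaded.add(name)
    return problems


if __name__ == "__main__":
    for label, conf in (("bad", BAD_CONF), ("good", GOOD_CONF)):
        print(label, check_ignorehosts_order(conf))
```

The same check also flags a portscan2-ignorehosts line in a config that only loads portscan, since the ignore list is matched to the scan detector by name.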