Snort mailing list archives
Re: Snort 1.9 and spp_portscan2
From: Vlad Gavrila <branix () xnet ro>
Date: Mon, 03 Mar 2003 19:08:41 +0200
Hi! Erek Adams wrote:
If you look at the traffic, you should see that it's coming from websites that you surf and visit. Since you're using a proxy, all web requests on the 'inside' must go thru the proxy to get 'outside'. Look at some of the traffic. I'm sure you'll see that it's just normal web and/or DNS traffic.
I know that this is legitimate traffic, but I want a way to stop such fake port scanning from getting into my logs. I have many http and dns requests, so there isn't a simple way to ignore such traffic when I take a look at the log files. (and I want to skip the `cat /some/log/ | grep -v ...` solution, which I can always handle)
So is there a way to configure spp_portscan2 not to log port scanning when it comes from ports 80 and 53?
Thanks ------------------------------------------------------- Xnet scaneaza automat toate mesajele impotriva virusilor folosind RAV AntiVirus. Xnet automatically scans all messages for viruses using RAV AntiVirus. Nota: RAV AntiVirus poate sa nu detecteze toti virusii noi sau toate variantele lor. Va rugam sa luati in considerare ca exista un risc de fiecare data cand deschideti fisiere atasate si ca MobiFon nu este responsabila pentru nici un prejudiciu cauzat de virusi. Disclaimer: RAV AntiVirus may not be able to detect all new viruses and variants. Please be aware that there is a risk involved whenever opening e-mail attachments to your computer and that MobiFon is not responsible for any damages caused by viruses. ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort 1.9 and spp_portscan2 Vlad Gavrila (Mar 02)
- Re: Snort 1.9 and spp_portscan2 Erek Adams (Mar 03)
- Re: Snort 1.9 and spp_portscan2 Vlad Gavrila (Mar 03)
- <Possible follow-ups>
- Re:Snort 1.9 and spp_portscan2 Always Bishan (Mar 03)
- Re: Snort 1.9 and spp_portscan2 Erek Adams (Mar 03)