Snort mailing list archives

Re: RE: Portscan2-ignorehosts

From: zottmann () ig com br
Date: Thu, 11 Sep 2003 17:20:33 -0300

Thanks for the replys from Paul and Matt.... 

I am using portscan2 with snort 2.0.0, but, as I am also using SnortCenter, 
I got confused because it doesn´t have a portscan2-ignorehosts preprocessor 
pre-configured, although having the portscan2 preprocessor. 

I guess that I just should create the portscan2-ignorehost preprocessor in 
SnortCenter, configure it, and then push the configuration to Snort, wright? 

TIA, 
Carlos Zottmann. 


Em 11 Sep 2003, Schmehl, Paul L escreveu:

-----Original Message----- 
From: zottmann () ig com br [mailto:zottmann () ig com br] 
Sent: Thursday, September 11, 2003 8:41 AM 
To: snort-users () lists sourceforge net 
Subject: [Snort-users] Portscan2-ignorehosts 

I have seen some e-mail messages talking about the 
Portscan2-ignorehosts 
preprocessor, but I can´t find it for download anywhere.... 

Are they talking about Portscan-ignorehosts instead, or I am missing 
something?

You're missing something. Portscan2 is a new, improved version of the 
portscan preprocessor. It's part of the snort install, and you enable or 
disable it in snort.conf. The sample conf file has a pretty good 
explanation of what it does and how it works. 

You should only use one or the other - either portscan or portscan2. 

Portscan2-ignorehosts is a configuration option that you use in the 
snort.conf file. If you have hosts for which you want all portscan alerts 
to be ignored, you put their IP addresses in the portscan2-ignorehosts

list,

like this: 

preprocessor portscan2-ignorehosts: ip ip ip ip 

Paul Schmehl (pauls () utdallas edu) 
Adjunct Information Security Officer 
The University of Texas at Dallas 
AVIEN Founding Member 
http://www.utdallas.edu/~pauls/ 

----------


_________________________________________________________
Voce quer um iGMail protegido contra vírus e spams?
Clique aqui: http://www.igmailseguro.ig.com.br
Ofertas imperdíveis! Link: http://www.americanas.com.br/ig/



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Portscan2-ignorehosts zottmann (Sep 11)
- Re: Portscan2-ignorehosts Matt Kettler (Sep 11)
- <Possible follow-ups>
- RE: Portscan2-ignorehosts Schmehl, Paul L (Sep 11)
- Re: RE: Portscan2-ignorehosts zottmann (Sep 11)