Snort mailing list archives
Re: RE: Portscan2-ignorehosts
From: zottmann () ig com br
Date: Thu, 11 Sep 2003 17:20:33 -0300
Thanks for the replys from Paul and Matt.... I am using portscan2 with snort 2.0.0, but, as I am also using SnortCenter, I got confused because it doesn´t have a portscan2-ignorehosts preprocessor pre-configured, although having the portscan2 preprocessor. I guess that I just should create the portscan2-ignorehost preprocessor in SnortCenter, configure it, and then push the configuration to Snort, wright? TIA, Carlos Zottmann. Em 11 Sep 2003, Schmehl, Paul L escreveu:
-----Original Message----- From: zottmann () ig com br [mailto:zottmann () ig com br] Sent: Thursday, September 11, 2003 8:41 AM To: snort-users () lists sourceforge net Subject: [Snort-users] Portscan2-ignorehosts I have seen some e-mail messages talking about the Portscan2-ignorehosts preprocessor, but I can´t find it for download anywhere.... Are they talking about Portscan-ignorehosts instead, or I am missing something?You're missing something. Portscan2 is a new, improved version of the portscan preprocessor. It's part of the snort install, and you enable or disable it in snort.conf. The sample conf file has a pretty good explanation of what it does and how it works. You should only use one or the other - either portscan or portscan2. Portscan2-ignorehosts is a configuration option that you use in the snort.conf file. If you have hosts for which you want all portscan alerts to be ignored, you put their IP addresses in the portscan2-ignorehosts
list,
like this: preprocessor portscan2-ignorehosts: ip ip ip ip Paul Schmehl (pauls () utdallas edu) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu/~pauls/ ----------
_________________________________________________________ Voce quer um iGMail protegido contra vírus e spams? Clique aqui: http://www.igmailseguro.ig.com.br Ofertas imperdíveis! Link: http://www.americanas.com.br/ig/ ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Portscan2-ignorehosts zottmann (Sep 11)
- Re: Portscan2-ignorehosts Matt Kettler (Sep 11)
- <Possible follow-ups>
- RE: Portscan2-ignorehosts Schmehl, Paul L (Sep 11)
- Re: RE: Portscan2-ignorehosts zottmann (Sep 11)