Snort mailing list archives
Re: Portscan2-ignorehosts
From: Matt Kettler <mkettler () evi-inc com>
Date: Thu, 11 Sep 2003 13:41:42 -0400
At 10:40 AM 9/11/2003 -0300, zottmann () ig com br wrote:
I have seen some e-mail messages talking about the Portscan2-ignorehosts preprocessor, but I canĀ“t find it for download anywhere.... Are they talking about Portscan-ignorehosts instead, or I am missing something?
No, they are two separate things, and you don't need to download anything for it.
Just like portscan has an ignorehosts option, portscan2 has an ignore option. Providing you're running a version of snort that has portscan2 support, you can do a line like this:
preprocessor portscan2-ignorehosts: 10.1.1.1 Just the same as you can do: preprocessor portscan-ignorehosts: 10.1.1.1However these two statements are for completely different preprocessors. If you're using classic portscan, use portscan-ignorehosts. If you're using portscan2, use portscan2-ignorehosts.
------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Portscan2-ignorehosts zottmann (Sep 11)
- Re: Portscan2-ignorehosts Matt Kettler (Sep 11)
- <Possible follow-ups>
- RE: Portscan2-ignorehosts Schmehl, Paul L (Sep 11)
- Re: RE: Portscan2-ignorehosts zottmann (Sep 11)