|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Alberto Gonzalez (ag-snort_at_cerebro.violating.us)
Date: Fri Oct 11 2002 - 22:18:48 CDT
how do you want to 'block' them? you want it to stop alerting? or you
want to block them via 'dropping' packets?
check out portscan2-ignorehosts, its the same function that preprocessor
portscan had.
That seems like what your attempting todo.
Hope it helps... Just my 8cents, the other 2 are free! :-)
- Albert
Bob Van Cleef wrote:
>I am seeing these false positives. I suspect they may be rwhod broadcasts,
>but am not how to verify this and where I would block them in the
>configuration files.
>
>[**] [117:1:1] (spp_portscan2) Portscan detected from 192.86.7.22: 6
>targets 6 ports in 50 seconds [**]
>10/11-15:50:18.538938 192.86.7.22:513 -> 192.86.7.255:513
>UDP TTL:64 TOS:0x0 ID:17338 IpLen:20 DgmLen:88
>Len: 68
>
>Bob
>
>
>
-- The secret to success is to start from scratch and keep on scratching.------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users
lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]