From: Alberto Gonzalez (ag-snort_at_cerebro.violating.us)
Date: Tue Oct 22 2002 - 01:51:11 CDT


    Like spp_portscan, spp_portscan2 has 'ignore-hosts' as well....

    - 2 cents

    hope it helps

        - Albert

    Security Admin wrote:

    > I updated my snort installation (3 sensors and a central console) to
    > 1.9.0 last week. I reviewed the new snort.conf files and everything
    > looks fine. The problem I am having is it is logging portscans to my
    > database from IPs which are in my preprocessor portscan ignore-hosts
    > list. These IPs are my external DNS, firewall IP and web proxy
    > (needless to say they are chatty). I have turned on the new Portscan2
    > preprocessor, and all the alerts from these IPs show as
    > (spp_portscan2). Is there some way to exclude IP addresses from the
    > Portscan2 preprocessor, assuming of course my assumption is correct
    > and this is where these alerts are originating? I was previously
    > running 1.8.7 and this wasn't an issue.
    >
    >
    >
    > Any input would be greatly appreciated.
    >
    >
    >
    > Cheers,
    >
    > Wayne
    >
    >
    >

    -- 
    The secret to success is to start from scratch and keep on scratching.
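
An added example, not part of the original messages or of Snort itself: a small Python check for the situation discussed in this thread, listing hosts that are excluded for spp_portscan but not for spp_portscan2. It assumes the directive names `portscan-ignorehosts` and `portscan2-ignorehosts` as in the stock snort.conf (verify against your version); the sample configuration and its addresses are constructed.

```python
import ipaddress
import re

# Constructed sample snort.conf fragment; addresses are documentation ranges.
SAMPLE_CONF = """\
var DNS_SERVERS 192.0.2.53/32
preprocessor portscan-ignorehosts: $DNS_SERVERS 192.0.2.1 192.0.2.80/32
# preprocessor portscan2-ignorehosts: 192.0.2.0/24
preprocessor portscan2-ignorehosts: 192.0.2.53/32
"""

# Assumed directive names (see lead-in); one regex matches both preprocessors.
IGNORE_RE = re.compile(r"preprocessor\s+(portscan2?-ignorehosts)\s*:\s*(.*)")
VAR_RE = re.compile(r"var\s+(\S+)\s+(.+)")

def _split(value):
    """Split a Snort address list such as '[a,b] c' into single tokens."""
    return value.replace("[", " ").replace("]", " ").replace(",", " ").split()

def parse_ignore_lists(conf_text):
    """Return {directive: [ip_network, ...]} for both ignorehosts directives."""
    variables, lists = {}, {}
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # commented-out lines do not count
        var = VAR_RE.match(line)
        if var:
            variables[var.group(1)] = var.group(2)
            continue
        hit = IGNORE_RE.match(line)
        if not hit:
            continue
        nets = lists.setdefault(hit.group(1), [])
        for token in _split(hit.group(2)):
            # Expand $VAR references; an undefined variable raises KeyError.
            values = _split(variables[token[1:]]) if token.startswith("$") else [token]
            nets.extend(ipaddress.ip_network(v, strict=False) for v in values)
    return lists

def missing_from_portscan2(conf_text):
    """Hosts ignored by portscan but not covered by portscan2-ignorehosts."""
    lists = parse_ignore_lists(conf_text)
    covered = lists.get("portscan2-ignorehosts", [])
    gaps = [n for n in lists.get("portscan-ignorehosts", [])
            if not any(n.version == c.version and n.subnet_of(c) for c in covered)]
    return [str(n) for n in sorted(gaps, key=lambda n: (n.version, n))]

if __name__ == "__main__":
    for net in missing_from_portscan2(SAMPLE_CONF):
        print("still alerting via spp_portscan2:", net)
```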
    
