[Snort-users] Just can't ignore...
don at ...156...
Wed Jul 26 11:03:47 EDT 2000
OK, I give up:
I got a machine on the DMZ that scans a bunch of services on another
machine. Needless to say, snort sees this as a portscan.
Here's what I tried:
add the -o to the command line and add the following rule:
pass tcp scanner_ip any -> target any
The portscans still show up in the alert log. Note that when starting I do
get a message about the rule order changing...so the -o is taking.
Since that failed, I also tried to uncomment the line in my rules
so that it reads:
preprocessor portscan-ignorehosts: scanner_ip/32
then while starting I get an error message that says that I did not provide
a netmask on line 20 (this line). Huh?
What am I missing...
Don Kendrick, CNE, CCNA, CISSP