[Snort-users] Turning off portscans

Steve Halligan agent33 at ...187...
Mon Apr 30 15:46:18 EDT 2001


That should get the portscans off, unless they are "stealth" scans.  This
type of scan triggers a regular plain old snort rule.  To eliminate these,
comment the rule.  

As far as the crash goes, any error messages?
-Steve

> -----Original Message-----
> From: Siddhartha Jain [mailto:s_i_d_j at ...131...]
> Sent: Monday, April 30, 2001 12:44 PM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] Turning off portscans
> 
> 
> Hi,
> 
> How do i turnoff listening for portscans? I commented out 
> these two lines
> from the conf file and snort crashed. Snort 1.7 on Solaris 2.6/Sparc.
> 
> preprocessor portscan: $INTERNAL 4 3 portscan.log
> preprocessor portscan-ignorehosts: $DNS_SERVERS
> 
> Siddhartha
> 
> 
> 
> _________________________________________________________
> Do You Yahoo!?
> Get your free @yahoo.com address at http://mail.yahoo.com
> 
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 




More information about the Snort-users mailing list