[Snort-users] Re: Snort FAQ

sen_ml at ...1083... sen_ml at ...1083...
Thu Jan 4 20:48:14 EST 2001


thanks for the faq update.

a couple of comments:

-it looks like you have two instances of:

 Q. Why does the portscan plugin log "stealth" packets even though the
    host is in the portscan-ignorehosts list?

 as well as corresponding answers -- better to have two than zero, but
 may be one will do ;-)

-is it worth mentioning somewhere in the faq that some of the answers
 are specific to linux (some of the answers do clarify, but some
 don't)?  

 e.g. specifying ethN (N = 0, 1, ... ) as a network interface doesn't work 
 that well in bsd land.




More information about the Snort-users mailing list