[Snort-users] Question about preprocessor portscan and ignoring ports

Jean-Philippe Grenier jgrenier at ...1106...
Thu Jan 18 10:55:14 EST 2001


I would like to make sure if the preprocessor portscan works like I think it
is.

If I use the preprocessor portscan and that I ignore some traffic, will the 
traffic been ignore will be count in the preprocessor portscan. Or in other 
words, is the traffic been ignore is ignored before or after the
preprocessor 
portscan.

I only want to make sure that connections on our web servers will not be
count in the preprocessor portscan.


Will the following configs do it ?

(from my config file)
preprocessor portscan: 192.168.6.0/24 5 7 /var/log/snort_portscan.log

# ignore incoming traffic to web servers
pass tcp any 80 <> any any 
pass tcp any 443 <> any any

# ignore outgoing traffic to email servers
pass tcp any any <> any 25


Thanks, Jean-Philippe Grenier
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20010118/6f8a1b32/attachment.html>


More information about the Snort-users mailing list