[Snort-users] Question about preprocessor portscan and ignoring ports
jgrenier at ...1106...
Thu Jan 18 10:55:14 EST 2001
I would like to make sure if the preprocessor portscan works like I think it
If I use the preprocessor portscan and ignore some traffic, will the
ignored traffic be counted in the preprocessor portscan? Or in other
words, is the ignored traffic ignored before or after the
I only want to make sure that connections to our web servers will not be
counted in the preprocessor portscan.
Will the following configs do it?
(from my config file)
preprocessor portscan: 192.168.6.0/24 5 7 /var/log/snort_portscan.log
# ignore incoming traffic to web servers
pass tcp any 80 <> any any
pass tcp any 443 <> any any
# ignore outgoing traffic to email servers
pass tcp any any <> any 25
Thanks, Jean-Philippe Grenier