[Snort-users] Question about preprocessor portscan and ignoring ports

Jean-Philippe Grenier jgrenier at ...1106...
Thu Jan 18 10:55:14 EST 2001

I would like to make sure if the preprocessor portscan works like I think it

If I use the preprocessor portscan and that I ignore some traffic, will the 
traffic been ignore will be count in the preprocessor portscan. Or in other 
words, is the traffic been ignore is ignored before or after the

I only want to make sure that connections on our web servers will not be
count in the preprocessor portscan.

Will the following configs do it ?

(from my config file)
preprocessor portscan: 5 7 /var/log/snort_portscan.log

# ignore incoming traffic to web servers
pass tcp any 80 <> any any 
pass tcp any 443 <> any any

# ignore outgoing traffic to email servers
pass tcp any any <> any 25

Thanks, Jean-Philippe Grenier
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20010118/6f8a1b32/attachment.html>

More information about the Snort-users mailing list