[Snort-users] portscan-ignorhosts

Ralph M. Churchill churchillrm at ...530...
Mon Jan 22 00:24:29 EST 2001


I'm using snort 1.6.3 from the OpenBSD 2.8 ports tree. I believe that
prior to 1.7 variable lists are not supported. Therefore, how do I go
about specifying more than one host in the "portscan-ignorhosts"
preprocessor? Will this work?

var TRUSTED_HOST_ONE w.x.y.z
preprocessor portscan-ignorehosts: $TRUSTED_HOST_ONE

var TRUSTED_HOST_TWO r.s.t.u
preprocessor portscan-ignorehosts: $TRUSTED_HOST_TWO

var TRUSTED_HOST_THREE a.b.c.d
preprocessor portscan-ignorehosts: $TRUSTED_HOST_THREE


OR do I need to do this:

preprocessor portscan-ignorehosts: $TRUSTED_HOST_ONE, $TRUSTED_HOST_TWO,
$TRUSTED_HOST_THREE

??? Which works under 1.6.3


thanks,
RMC





More information about the Snort-users mailing list