[Snort-users] portscan-ignorhosts

Dave Ryan dave at ...1192...
Mon Jan 22 05:04:02 EST 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

hi,

both methods are wrong, its the second type you have here without the ","

for example: preprocessor portscan-ignorehosts: 10.0.0.1/32 172.16.0.1/32 192.168.0.1/32

preprocessors are fully explained at http://www.snort.org/writing_snort_rules.htm

 
Quoting Ralph M. Churchill (churchillrm at ...530...):
> I'm using snort 1.6.3 from the OpenBSD 2.8 ports tree. I believe that
> prior to 1.7 variable lists are not supported. Therefore, how do I go
> about specifying more than one host in the "portscan-ignorhosts"
> preprocessor? Will this work?
> 
> var TRUSTED_HOST_ONE w.x.y.z
> preprocessor portscan-ignorehosts: $TRUSTED_HOST_ONE
> 
> var TRUSTED_HOST_TWO r.s.t.u
> preprocessor portscan-ignorehosts: $TRUSTED_HOST_TWO
> 
> var TRUSTED_HOST_THREE a.b.c.d
> preprocessor portscan-ignorehosts: $TRUSTED_HOST_THREE
> 
> 
> OR do I need to do this:
> 
> preprocessor portscan-ignorehosts: $TRUSTED_HOST_ONE, $TRUSTED_HOST_TWO,
> $TRUSTED_HOST_THREE
> 
> ??? Which works under 1.6.3
> 
> 
> thanks,
> RMC
> 
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users

- --
 
Dave Ryan <dave at ...1192...>  
http://www.default.org.uk/~dave

GnuPG Key:	http://www.default.org.uk/~dave/gpgkey.asc
Fingerprint: 	F418 C882 FF03 82A0 A99A  2720 669C E8C3 44B8 2A0F
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (OpenBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE6bAWOZpzow0S4Kg8RAhmDAJ9rWnLptJMqMspNcfp0jboFXG6L8gCeLRxg
NmeUmOWJAPInLF8lIl2OJmo=
=XzZg
-----END PGP SIGNATURE-----




More information about the Snort-users mailing list