[Snort-users] Really, *really* ignore a portscan.

Scott A. McIntyre scott at ...1050...
Fri Jan 26 01:51:23 EST 2001


Due to what appears to be a funky interaction with 2.4 and iptables, one
particular node in question reports a (false) Stealth portscan against
me whenever it sends SMTP traffic to one of my nodes.  I'd love to be
able to filter this out, but so far neither a pass rule (for udp or tcp)
nor a preprocessor ignore statement has done the trick.  Is there a
hidden function that will really, honestly and truly, ignore a
particular portscan?

Many thanks for any ideas.


