[Snort-users] Really, *really* ignore a portscan.
Scott A. McIntyre
scott at ...1050...
Fri Jan 26 01:51:23 EST 2001
Due to what appears to be a funky interaction with 2.4 and iptables, one
particular node in question reports a (false) Stealth portscan against
me whenever it sends SMTP traffic to one of my nodes. I'd love to be
able to filter this out, but so far neither a pass rule (for udp or tcp)
or a preprocessor ignore statement has done the trick. Is there a
hidden function that will really, honestly and truly, ignore a
Many thanks for any ideas.
More information about the Snort-users