[Snort-users] Really, *really* ignore a portscan.
s.veckes at ...1190...
Fri Jan 26 02:23:21 EST 2001
At 07:51 26.01.01 +0100, Scott A. McIntyre wrote:
>Due to what appears to be a funky interaction with 2.4 and iptables, one
>particular node in question reports a (false) Stealth portscan against
>me whenever it sends SMTP traffic to one of my nodes. I'd love to be
>able to filter this out, but so far neither a pass rule (for udp or tcp)
>or a preprocessor ignore statement has done the trick. Is there a
>hidden function that will really, honestly and truly, ignore a
>Many thanks for any ideas.
>Snort-users mailing list
>Snort-users at lists.sourceforge.net
>Go to this URL to change user options or unsubscribe:
Did you use the '-o' switch??
Snort is doing the alerts befor passing the traffic. with this switch you
can change the order
how it processes the rules. (Please correct me if I'm wrong).
I had the same thing here. For me it seems to work since yesterday.
KDD TELECOMET Deutschland Gmbh
Tel.: +49 (211) 936 98 - 518
Fax.: +49 (211) 936 98 - 50
E-Mail: mailto:s.veckes at ...1190...
More information about the Snort-users