[Snort-users] portscan-ignorhosts

Martin Roesch roesch at ...421...
Sat Jan 27 01:59:18 EST 2001


Use a space separated list of IP addresses:

preprocessor portscan-ignorehosts: 10.1.1.1/32 10.1.1.2/32 10.1.1.4/32

   -Marty

"Ralph M. Churchill" wrote:
> 
> I'm using snort 1.6.3 from the OpenBSD 2.8 ports tree. I believe that
> prior to 1.7 variable lists are not supported. Therefore, how do I go
> about specifying more than one host in the "portscan-ignorhosts"
> preprocessor? Will this work?
> 
> var TRUSTED_HOST_ONE w.x.y.z
> preprocessor portscan-ignorehosts: $TRUSTED_HOST_ONE
> 
> var TRUSTED_HOST_TWO r.s.t.u
> preprocessor portscan-ignorehosts: $TRUSTED_HOST_TWO
> 
> var TRUSTED_HOST_THREE a.b.c.d
> preprocessor portscan-ignorehosts: $TRUSTED_HOST_THREE
> 
> OR do I need to do this:
> 
> preprocessor portscan-ignorehosts: $TRUSTED_HOST_ONE, $TRUSTED_HOST_TWO,
> $TRUSTED_HOST_THREE
> 
> ??? Which works under 1.6.3
> 
> thanks,
> RMC
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users

--
Martin Roesch
roesch at ...421...
http://www.snort.org




More information about the Snort-users mailing list