[Snort-users] ignoring udp scans
s_i_d_j at ...131...
Fri May 4 17:53:03 EDT 2001
I had this line but this is only for my DNS servers, but the portscan
preprocessor logs a lot of DNS talk as portscans. This includes other DNS
servers in the internet hierarchy.
----- Original Message -----
From: "Neil Dickey" <neil at ...1633...>
To: <snort-users at lists.sourceforge.net>; <s_i_d_j at ...131...>
Sent: Friday, May 04, 2001 8:11 PM
Subject: Re: [Snort-users] ignoring udp scans
> "Sid" <s_i_d_j at ...131...> wrote asking:
> >How do i ignore udp portscans in the portscan preprocessor? Ofcourse, i
> >referring to the DNS traffic.
> Near the top of your snort configuration file, you will find a line which
> starts like this:
> preprocessor portscan-ignorehosts:
> It is probably commented out. Uncomment it, and list the IP addresses of
> the DNS servers you wish to ignore following the colon and separated by
> preprocessor portscan-ignorehosts: 111.222.333.444 555.666.777.888
> Then save the changes and reset Snort.
> Best regards,
> Neil Dickey, Ph.D.
> Research Associate/Sysop
> Geology Department
> Northern Illinois University
> DeKalb, Illinois
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com
More information about the Snort-users