[Snort-users] is there anyway of stoping this?

roman at ...438... roman at ...438...
Thu May 31 12:55:44 EDT 2001


Ben,

These alerts are caused by the portscan pre-processer and
are not triggered by any rule.  If you want to Snort to stop
monitoring for portscans (and prevent these messages from
appearing in your logs), comment out the
"preprocessor portscan: ..." line in your configuration file.

Roman

> Hi All.
> 
> I have looked at whitehats.com and found not direct reference to this
> portscan
> 
> --start log view---
> 05/31-01:53:39.840000  [**] spp_portscan: PORTSCAN DETECTED from
> 156.46.219.190 (STEALTH) [**]
> 05/31-01:54:32.255000  [**] spp_portscan: portscan status from
> 156.46.219.190: 1 connections across 1 hosts: TCP(1), UDP(0) STEALTH [**]
> 05/31-01:55:35.155000  [**] spp_portscan: End of portscan from
> 156.46.219.190: TOTAL time(0s) hosts(1) TCP(1) UDP(0) STEALTH [**]
> --end log view---
> 
> Can it be stopped?
> Is there a hole I have missed?
> 
> Ben Johansen
> Newbie 3rd class
> 
> 
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 
> 



---------------------------------------------
This message was sent using Voicenet WebMail.
      http://www.voicenet.com/webmail/






More information about the Snort-users mailing list