[Snort-users] Does snort.conf have conflicting comments?
Paul D. Shaffer
ace_wizard at ...131...
Sun Nov 11 18:13:01 EST 2001
Well, its been my experience that it doesn't work very well with
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of Erek Adams
Sent: Sunday, November 11, 2001 12:20 PM
To: Got Snort?
Subject: [Snort-users] Does snort.conf have conflicting comments?
In looking at the current (CVS) snort.conf, I noticed something.
Lines 37-42 discuss how to set the HOME_NET variable. They mention how to
place multiple IP's into a list.
37 # You can specify lists of IP addresses for HOME_NET
38 # by separating the IPs with commas like this:
40 # var HOME_NET [10.1.1.0/24,192.168.1.0/24]
42 # MAKE SURE YOU DON'T PLACE ANY SPACES IN YOUR LIST!
Now, looking down a bit....
227 # Use portscan-ignorehosts to ignore TCP SYN and UDP "scans" from
228 # specific networks or hosts to reduce false alerts. It is typical
229 # to see many false alerts from DNS servers so you may want to
230 # add your DNS servers here. You can all multiple hosts/networks
231 # in a whitespace-delimited list.
233 preprocessor portscan-ignorehosts: $DNS_SERVERS
It refers to a 'whitespace delimited list'.
Is this right, wrong, or a feature of using a variable in the ignorehosts
line? Or do I just need to get some coffee? :)
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com
More information about the Snort-users