[Snort-users] NEWBIE: portscan tuning
eboo at ...2198...
Sat Oct 27 20:51:02 EDT 2001
This problem is driving me crazy. Any help? Is my conf setting wrong
with respect to the portscan?
Please help, thanks.
* eboo at ...2198... (eboo at ...2198...) wrote:
> Hi all,
> Sorry if this has been asked before. I've read the manual but still am not
> sure what I am doing wrong.
> I get portscan alerts from snort when I access the web:
> [**] [100:1:1] spp_portscan: PORTSCAN DETECTED from a.b.c.d
> (THRESHOLD 5 connections exceeded in 6 seconds) [**]
> var DNS_SERVERS a.b.c.d
> preprocessor portscan: $HOME_NET 4 3 portscan.log
> (i've also tried commenting out the above line, same effect)
> preprocessor portscan-ignorehosts: $DNS_SERVERS
> How do I prevent get snort to not report portscans from my machine or
> any network which I specify?
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
More information about the Snort-users