[Snort-users] portscan2-ignorehosts & portscan-ignorehosts

Distribution Lists dist-lists at ...7559...
Mon Dec 2 10:18:31 EST 2002


I have this in my snort.conf

preprocessor portscan2: scanners_max 3200, targets_max 5000, target_limit
5, port_limit 20, timeout 60
preprocessor portscan-ignorehosts: 24.167.76.32
preprocessor portscan: $HOME_NET 4 3 portscan.log
preprocessor portscan2-ignorehosts:  24.167.76.32

but I still getting

[**] [100:1:1] spp_portscan: PORTSCAN DETECTED from 24.167.76.32
(THRESHOLD 4 connections exceeded in 0 seconds) [**]

So any ideas what I have missed ?

Regards







More information about the Snort-users mailing list