[Snort-users] "preprocessor portscan2-ignorehosts" ignored
jumper99 at ...348...
Mon Dec 2 10:47:05 EST 2002
> First, your ignorehosts line has to be *after* the portscan2 line.
> Second, ignorehosts ignores portscans *from* hosts, like your DNS
Thats what I wrote.
> If you are getting 5000+ alerts from people scanning your proxy, then
When my proxy sometimes opens many servers at short time and recieves
many responses snort thinks this is a portscan! :))
> you might consider putting a BPF on snort to ignore your proxy or
> something like that.
BPF?! Blocking ...?
More information about the Snort-users