[Snort-users] Ignorehosts, once again

Yonah Russ yonah at ...5038...
Tue Dec 17 07:43:18 EST 2002


On Mon, 2002-12-16 at 16:29, Marc Quibell wrote:
> OK, got another implementation of SNort. Now I forgot how I got it to ignore
> certain SOURCE IPs (such as using the DNS_SERVERS variable. I know there is a
> syntax issue with this. WHat is the exact way to ignore a host source?
> 
> I currently have:
> var DNS_SERVERS [207.108.40.###,207.108.40.###]
> preprocessor portscan-ignorehosts: $DNS_SERVERS

I had  a similar problem- which portscan preprocessor are you using? 1,2
or both? If you are using 2, make sure to put in a line
portscan2-ignorehosts (note the 2) and put it after the portscan2 line

hope that helps 

> THis does not work. I've seen several variations, none of which work: It still
> gets alerts from these hosts.
> 
> TIA
> 
> Marc
> 
> 
> 
> 
> -------------------------------------------------------
> This sf.net email is sponsored by:
> With Great Power, Comes Great Responsibility 
> Learn to use your power at OSDN's High Performance Computing Channel
> http://hpc.devchannel.org/
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- 
Yonah Russ <yonah at ...5038...>
Jerusalem College of Technology





More information about the Snort-users mailing list