[Snort-users] Ignorehosts still not working...

Marc Quibell mquibell at ...7759...
Thu Dec 19 07:08:02 EST 2002


My snort cmd line is:
 /usr/local/bin/snort -o -q -i eth1  -c /usr/local/demarc/conf/snorteth1.conf

My snorteth1.conf is as follows:
var HOME_NET any
var EXTERNAL_NET any
var SMTP $HOME_NET
var HTTP_SERVERS $HOME_NET
var SQL_SERVERS $HOME_NET
#var DNS_SERVERS $HOME_NET
var DNS_SERVERS [207.108.40.xx,207.108.40.xxx]
var HTTP_PORTS 80
var ORACLE_PORTS 1521

preprocessor defrag
preprocessor stream2: timeout 10, ports 21 23 80 110 143, maxbytes 16384
preprocessor unidecode: 80
preprocessor rpc_decode: 111
preprocessor bo: -nobrute
preprocessor telnet_decode
preprocessor portscan: $HOME_NET 4 3 portscan.log
preprocessor portscan-ignorehosts: $DNS_SERVERS
preprocessor stream4: detect_scans, disable_evasion_alerts

output database: log, mysql, user=snort_ike dbname=snortmaster password=ikeacc3s
s host=192.168.45.111 sensor_name=ike.fbfs.com


#BEGIN RULES:

I cannot get it to ignore those two hosts. Suggestions?

THanks.

Marc






More information about the Snort-users mailing list