[Snort-users] Problems ignoring a host

Erek Adams erek at ...577...
Mon Feb 11 18:18:04 EST 2002

On Tue, 12 Feb 2002, Peter Sundstrom wrote:

> I'm trying to ignore alerts triggered by our scanner without any luck.


> What am I missing?

The fact that the portscan alerts are generated by ssp_portscan.{c,h} and not
snort.  Since that's from a pre-processor, pass rules won't help.  Use the
config file directive "portscan ignorehosts" or use a BPF filter to ignore
traffic from that host.


Erek Adams

More information about the Snort-users mailing list