[Snort-users] Problems ignoring a host

Erek Adams erek at ...577...
Mon Feb 11 18:18:04 EST 2002


On Tue, 12 Feb 2002, Peter Sundstrom wrote:

> I'm trying to ignore alerts triggered by our scanner without any luck.

[...snip...]

> What am I missing?

The fact that the portscan alerts are generated by ssp_portscan.{c,h} and not
snort.  Since that's from a pre-processor, pass rules won't help.  Use the
config file directive "portscan ignorehosts" or use a BPF filter to ignore
traffic from that host.

Cheers!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net





More information about the Snort-users mailing list