[Snort-users] Problems ignoring a host

Peter Sundstrom peter at ...4950...
Mon Feb 11 18:52:04 EST 2002

----- Original Message -----
From: "Erek Adams" <erek at ...577...>
> On Tue, 12 Feb 2002, Peter Sundstrom wrote:
> > I'm trying to ignore alerts triggered by our scanner without any luck.
> [...snip...]
> > What am I missing?
> The fact that the portscan alerts are generated by ssp_portscan.{c,h} and
> snort.  Since that's from a pre-processor, pass rules won't help.  Use the
> config file directive "portscan ignorehosts" or use a BPF filter to ignore
> traffic from that host.

I forgot to say that I am using "portscan ignorehosts".  In snort.conf I

preprocessor portscan-ignorehosts: $SNMP_HOSTS $IS_HOSTS


More information about the Snort-users mailing list