[Snort-users] spp_portscan behavior is 1.8.6

Edwin Eefting edwin at ...2758...
Wed May 22 23:59:02 EDT 2002


On Wed, 22 May 2002 17:25:52 -0700 Ryan Hill <rhill at ...2446...> wrote:

> All,
> 
> Is spp_portscan designed to report STEALTH scan detections regardless of
> the
> preprocessor ignore-hosts directive?
> 
> I've got an IP which generates STEALTH packets and spp_portscan is
> reporting
> the event despite the fact the IP is entered into the ignore-hosts list
> and
> am wondering why this activity isn't being ignored.

I got this problem to. It seems the new code is still missing some if-blocks
that should look at these settings, before calling the log functions. 
I just hacked them into the source at certain
points and commented some stuff out.

> 
> Thanks,
> 
> Ryan Hill
> Corporate Information Systems
> TeleCommunication Systems, Inc. (TCS) - http://www.telecomsys.com
> 


-- 
                              __________________
Met vriendelijke groet,      /\ ___/          
Edwin Eefting               /- \ _/  Business Internet Trends BV
                           /--- \/           __________________





More information about the Snort-users mailing list