[Snort-users] spp_portscan behavior is 1.8.6
edwin at ...2758...
Wed May 22 23:59:02 EDT 2002
On Wed, 22 May 2002 17:25:52 -0700 Ryan Hill <rhill at ...2446...> wrote:
> Is spp_portscan designed to report STEALTH scan detections regardless of
> preprocessor ignore-hosts directive?
> I've got an IP which generates STEALTH packets and spp_portscan is
> the event despite the fact the IP is entered into the ignore-hosts list
> am wondering why this activity isn't being ignored.
I got this problem to. It seems the new code is still missing some if-blocks
that should look at these settings, before calling the log functions.
I just hacked them into the source at certain
points and commented some stuff out.
> Ryan Hill
> Corporate Information Systems
> TeleCommunication Systems, Inc. (TCS) - http://www.telecomsys.com
Met vriendelijke groet, /\ ___/
Edwin Eefting /- \ _/ Business Internet Trends BV
/--- \/ __________________
More information about the Snort-users