[Snort-users] portscan-ignorehosts for portscan2? (was Re: Portscan from self?)
bet at ...6163...
Tue Oct 8 10:31:04 EDT 2002
2002-10-08-11:30:33 Miller, Eoin:
> in your snort.conf file you will see this
> var IGNORE_PORTSCAN [w.x.y.z,w.x.y.z]
Would that I did. I don't see that in my snort.conf, nor
anywhere else in my (1.9.0) snort rules. What's more, I'm
having trouble tuning portscan2; it doesn't seem to be honoring
portscan-ignorehosts. The easiest way I've found to tune it down for
false-positives on legit servers is to use BPF to completely blind
snort to those servers. This seems suboptimal to me.