[Snort-users] portscan-ignorehosts for portscan2? (was Re: Portscan from self?)

Bennett Todd bet at ...6163...
Tue Oct 8 10:31:04 EDT 2002


2002-10-08-11:30:33 Miller, Eoin:
> in your snort.conf file you will see this
> 
> var IGNORE_PORTSCAN [w.x.y.z,w.x.y.z]

Would that I did. I don't see that in my snort.conf, nor
anywhere else in my (1.9.0) snort rules. What's more, I'm
having trouble tuning portscan2; it doesn't seem to be honoring
portscan-ignorehosts. The easiest way I've found to tune it down for
false-positives on legit servers is to use BPF to completely blind
snort to those servers. This seems suboptimal to me.

-Bennett
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20021008/52cf814c/attachment.sig>


More information about the Snort-users mailing list