[Snort-users] Snort 1.9 problem

Security Admin SecurityAdmin at ...7235...
Mon Oct 21 13:18:04 EDT 2002


I updated my snort installation (3 sensors and a central console) to 1.9.0
last week. I reviewed the new snort.conf files and everything looks fine.
The problem I am having is it is logging portscans to my database from IPs
which are in my preprocessor portscan ignore-hosts list. These IPs are my
external DNS, firewall IP and web proxy (needless to say they are chatty). I
have turned on the new Portscan2 preprocessor, and all the alerts from these
IPs show as (spp_portscan2). Is there some way to exclude IP addresses from
the Portscan2 preprocessor, assuming of course my assumption is correct and
this is where these alerts are originating? I was previously running 1.8.7
and this wasn't an issue.
 
Any input would be greatly appreciated.
 
Cheers,
Wayne
 