[Snort-users] spp_portscan2 questions

Gillham, Chris Chris.Gillham at ...7309...
Thu Oct 24 13:37:06 EDT 2002

Is there a way to ignore portscans TO a specific host versus FROM a
specific host?  User surfing actions are causing the return traffic to
generate port scan alerts against my firewall's public interface.

Thanks in advance!


Chris Gillham, Maritz Global Technology Services - Internet Team
1355 North Highway Drive, Fenton MO 63099
phone 636-827-1072, efax 413-702-1971, mobile 314-583-5910

e-mail: chris.gillham at ...7307...

-----Original Message-----
From: Alberto Gonzalez [mailto:ag-snort at ...7149...]
Sent: Friday, October 18, 2002 3:47 PM
To: Pauling
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] spp_portscan2 questions

actually, with 'preprocessor portscan2-ignorehosts: x.x.x.x' it will 
just ignore all portscans from that
specific host. No need to specify a certain port when you want to ignore


Pauling wrote:

>Having looked around, I don't see any way for me to tell portscan2 to 
>ignore portscans from certain hosts... does anybody know if there is
>a way, and also if there is a way to specify, "Ignore portscans from 
>certain hosts from certain ports" specifially?
>Many Thanks

The secret to success is to start from scratch and keep on scratching.

This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

<font size="1">Confidentiality Warning:  This e-mail contains information intended only for the use of the individual or entity named above.  If the reader of this e-mail is not the intended recipient or the employee or agent responsible for delivering it to the intended recipient, any dissemination, publication or copying of this e-mail is strictly prohibited. The sender does not accept any responsibility for any loss, disruption or damage to your data or computer system that may occur while using data contained in, or transmitted with, this e-mail.   If you have received this e-mail in error, please immediately notify us by return e-mail.  Thank you.

More information about the Snort-users mailing list