[Snort-users] portscan target filter ?
charles at ...8901...
Wed Apr 23 07:41:58 EDT 2003
A combination of ignorehosts and ignoreports-from has cut down on my
false positives considerably. Thanks!
It wasn't clear to me how I might go about filing an enhancement
request. Can someone point me in the right direction?
L. Christopher Luther wrote:
> Did you get an answer to your question? I never say a response on the list.
> If not, other than:
> preprocessor portscan2-ignorehosts:
> preprocessor portscan2-ignoreports-to:
> preprocessor portscan2-ignoreports-from:
> preprocessor portscan-ignorehosts:
> I'm not aware of any other mechanism that meets your needs. Well, except
> BPF filter on the command line.
> -----Original Message-----
> From: Charles Gillet [mailto:charles at ...8901...]
> Sent: Wednesday, April 16, 2003 2:12 PM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] portscan target filter ?
> Hi There,
> I would like to filter out a list of port scan target ip's as well as
> source ip's. I don't see an easy way to do this with either of the two
> portscan preprocessors. Has anyone come up with a way to do this? I'm
> running 2.0.0.
> thanks for any help,
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
More information about the Snort-users