[Snort-users] portscan target filter ?
L. Christopher Luther
CLuther at ...6333...
Wed Apr 23 10:28:05 EDT 2003
Glad the "ignore..." options worked. As for enhancement requests, the
closest I can point you would be the Snort Developer's list .
From: Charles Gillet [mailto:charles at ...8901...]
Sent: Tuesday, April 22, 2003 6:17 PM
To: L. Christopher Luther
Cc: Snort-Users (E-mail)
Subject: Re: [Snort-users] portscan target filter ?
A combination of ignorehosts and ignoreports-from has cut down on my
false positives considerably. Thanks!
It wasn't clear to me how I might go about filing an enhancement
request. Can someone point me in the right direction?
L. Christopher Luther wrote:
> Did you get an answer to your question? I never say a response on the
> If not, other than:
> preprocessor portscan2-ignorehosts:
> preprocessor portscan2-ignoreports-to:
> preprocessor portscan2-ignoreports-from:
> preprocessor portscan-ignorehosts:
> I'm not aware of any other mechanism that meets your needs. Well, except
> BPF filter on the command line.
> -----Original Message-----
> From: Charles Gillet [mailto:charles at ...8901...]
> Sent: Wednesday, April 16, 2003 2:12 PM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] portscan target filter ?
> Hi There,
> I would like to filter out a list of port scan target ip's as well as
> source ip's. I don't see an easy way to do this with either of the two
> portscan preprocessors. Has anyone come up with a way to do this? I'm
> running 2.0.0.
> thanks for any help,
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
More information about the Snort-users