[Snort-users] preprocessor portscan-ignorehosts
Frederick B. Henry, Jr.
fbhjr at ...9626...
Tue Jul 8 13:16:11 EDT 2003
I am using snort Version 1.9.0 (Build 209), with mysql and ACID v0.9.6b23.
I have the following in my snort.conf:
preprocessor portscan-ignorehosts: $DNS_SERVERS 220.127.116.11/32
The problem is that I still get a ton of false positive scan alerts from
I also have:
preprocessor portscan2: scanners_max 1000, targets_max 1000, target_limit
5, port_limit 20, timeout 60
I would like to not see any scan alerts from said IP in my ACID console.
What am I doing wrong?
More information about the Snort-users