[Snort-users] preprocessor portscan-ignorehosts
erek at ...950...
Tue Jul 8 13:37:14 EDT 2003
On Sat, 5 Jul 2003, Frederick B. Henry, Jr. wrote:
> preprocessor portscan-ignorehosts: $DNS_SERVERS 188.8.131.52/32
> preprocessor portscan2: scanners_max 1000, targets_max 1000, target_limit
> 5, port_limit 20, timeout 60
> I would like to not see any scan alerts from said IP in my ACID console.
> What am I doing wrong?
You are using the portscan2 preprocessor and a config directive for the
portscan preprocessor. Change that to portscan2-ignorehosts and you
should be fine.
"When things get weird, the weird turn pro." H.S. Thompson
More information about the Snort-users