[Snort-users] preprocessor portscan-ignorehosts

Erek Adams erek at ...950...
Tue Jul 8 13:37:14 EDT 2003


On Sat, 5 Jul 2003, Frederick B. Henry, Jr. wrote:

[...snip...]

> preprocessor portscan-ignorehosts: $DNS_SERVERS 209.248.79.90/32

[...snip...]

> preprocessor portscan2: scanners_max 1000, targets_max 1000, target_limit
> 5, port_limit 20, timeout 60
>
> I would like to not see any scan alerts from said IP in my ACID console.
> What am I doing wrong?

You are using the portscan2 preprocessor and a config directive for the
portscan preprocessor.  Change that to portscan2-ignorehosts and you
should be fine.

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson




More information about the Snort-users mailing list