[Snort-users] preprocessor portscan-ignorehosts

Erek Adams erek at ...950...
Tue Jul 8 13:37:14 EDT 2003

On Sat, 5 Jul 2003, Frederick B. Henry, Jr. wrote:


> preprocessor portscan-ignorehosts: $DNS_SERVERS


> preprocessor portscan2: scanners_max 1000, targets_max 1000, target_limit
> 5, port_limit 20, timeout 60
> I would like to not see any scan alerts from said IP in my ACID console.
> What am I doing wrong?

You are using the portscan2 preprocessor and a config directive for the
portscan preprocessor.  Change that to portscan2-ignorehosts and you
should be fine.


Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson

More information about the Snort-users mailing list