FW: [Snort-users] Portscan2 woes
gavin at ...9089...
Fri May 2 10:41:18 EDT 2003
I found the answer to that in the archive yesterday. Was having the
same problem on my Win2000 box.
Add these params to your config file:
preprocessor portscan2-ignorehosts: $DNS_SERVERS
preprocessor portscan2-ignoreports-to: 80 53
preprocessor portscan2-ignoreports-from: 80
Programmer / Network Administrator
glowe at ...9089...
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Robin
Sent: Friday, May 02, 2003 10:04 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Portscan2 woes
I'd like to use it, but I keep getting alerted on what looks like normal
return web traffic:
05/02-08:27:27.107257 TCP src: 184.108.40.206 dst: 10.10.10.1 sport: 80
dport: 47493 tgts: 1 ports: 11 flags: ***A**S* event_id: 0
More information about the Snort-users