[Snort-users] Portscan2-ignorehosts

zottmann at ...8178... zottmann at ...8178...
Thu Sep 11 13:37:11 EDT 2003


Thanks for the replys from Paul and Matt.... 

I am using portscan2 with snort 2.0.0, but, as I am also using SnortCenter, 
I got confused because it doesn´t have a portscan2-ignorehosts preprocessor 
pre-configured, although having the portscan2 preprocessor. 

I guess that I just should create the portscan2-ignorehost preprocessor in 
SnortCenter, configure it, and then push the configuration to Snort, wright? 

TIA, 
Carlos Zottmann. 


Em 11 Sep 2003, Schmehl, Paul L escreveu: 

>> -----Original Message----- 
>> From: zottmann at ...8178... [mailto:zottmann at ...8178...] 
>> Sent: Thursday, September 11, 2003 8:41 AM 
>> To: snort-users at lists.sourceforge.net 
>> Subject: [Snort-users] Portscan2-ignorehosts 
>> 
>> I have seen some e-mail messages talking about the 
>> Portscan2-ignorehosts 
>> preprocessor, but I can´t find it for download anywhere.... 
>> 
>> Are they talking about Portscan-ignorehosts instead, or I am missing 
>> something? 
>> 
>You're missing something. Portscan2 is a new, improved version of the 
>portscan preprocessor. It's part of the snort install, and you enable or 
>disable it in snort.conf. The sample conf file has a pretty good 
>explanation of what it does and how it works. 
> 
>You should only use one or the other - either portscan or portscan2. 
> 
>Portscan2-ignorehosts is a configuration option that you use in the 
>snort.conf file. If you have hosts for which you want all portscan alerts 
>to be ignored, you put their IP addresses in the portscan2-ignorehosts 
list, 
>like this: 
> 
>preprocessor portscan2-ignorehosts: ip ip ip ip 
> 
>Paul Schmehl (pauls at ...6838...) 
>Adjunct Information Security Officer 
>The University of Texas at Dallas 
>AVIEN Founding Member 
>http://www.utdallas.edu/~pauls/ 
> 
>---------- 

_________________________________________________________
Voce quer um iGMail protegido contra vírus e spams?
Clique aqui: http://www.igmailseguro.ig.com.br
Ofertas imperdíveis! Link: http://www.americanas.com.br/ig/





More information about the Snort-users mailing list