[Snort-users] Portscan2-ignorehosts

zottmann at ...8178... zottmann at ...8178...
Thu Sep 11 13:37:11 EDT 2003

Thanks for the replys from Paul and Matt.... 

I am using portscan2 with snort 2.0.0, but, as I am also using SnortCenter, 
I got confused because it doesn´t have a portscan2-ignorehosts preprocessor 
pre-configured, although having the portscan2 preprocessor. 

I guess that I just should create the portscan2-ignorehost preprocessor in 
SnortCenter, configure it, and then push the configuration to Snort, wright? 

Carlos Zottmann. 

Em 11 Sep 2003, Schmehl, Paul L escreveu: 

>> -----Original Message----- 
>> From: zottmann at ...8178... [mailto:zottmann at ...8178...] 
>> Sent: Thursday, September 11, 2003 8:41 AM 
>> To: snort-users at lists.sourceforge.net 
>> Subject: [Snort-users] Portscan2-ignorehosts 
>> I have seen some e-mail messages talking about the 
>> Portscan2-ignorehosts 
>> preprocessor, but I can´t find it for download anywhere.... 
>> Are they talking about Portscan-ignorehosts instead, or I am missing 
>> something? 
>You're missing something. Portscan2 is a new, improved version of the 
>portscan preprocessor. It's part of the snort install, and you enable or 
>disable it in snort.conf. The sample conf file has a pretty good 
>explanation of what it does and how it works. 
>You should only use one or the other - either portscan or portscan2. 
>Portscan2-ignorehosts is a configuration option that you use in the 
>snort.conf file. If you have hosts for which you want all portscan alerts 
>to be ignored, you put their IP addresses in the portscan2-ignorehosts 
>like this: 
>preprocessor portscan2-ignorehosts: ip ip ip ip 
>Paul Schmehl (pauls at ...6838...) 
>Adjunct Information Security Officer 
>The University of Texas at Dallas 
>AVIEN Founding Member 

Voce quer um iGMail protegido contra vírus e spams?
Clique aqui: http://www.igmailseguro.ig.com.br
Ofertas imperdíveis! Link: http://www.americanas.com.br/ig/

More information about the Snort-users mailing list