[Snort-users] suppress 'open port' on well-known services
jh at ...1935...
Wed Feb 23 12:58:07 EST 2005
On Wed, Feb 23, Roy Kidder wrote:
> Can I write suppression statements based not only on gen_id, sig_id, and
> src/dst ip, but also include tcp or udp port? Or am I approaching this the
> wrong way?
Currently a user can only ignore by Scanned host or by Scanning host
with sfPortscan. The optimal way to do this would be to add ignores
for port+IP. This is currently under development/testing - hoping to
get this out soon.
More information about the Snort-users