[Snort-users] 4d:41:43:44:41:44 - MACDAD
kvetch at ...11827...
Thu Oct 12 14:21:40 EDT 2006
I am seeing a bunch the MACDAD entries in my snort.logs. From what I
understand Snort's portscan detector wraps the packets with the info
like the 4d:41:43:44:41:44 MAC's, proto255 and such so it can bundle
them all up.
If I wanted to ignore these packets how could I set this? Would I
have to comment out the preprocessor flow line? Is the flow tracking
still only detecting portscans? Will this hinder anything else if I
comment this out or is there a better way to do this?
More information about the Snort-users