[Snort-users] 4d:41:43:44:41:44 - MACDAD

Nick Baronian kvetch at ...11827...
Thu Oct 12 14:21:40 EDT 2006


I am seeing a bunch of the MACDAD entries in my snort.logs.  From what I
understand Snort's portscan detector wraps the packets with the info
like the 4d:41:43:44:41:44 MACs, proto255 and such so it can bundle
them all up.
If I wanted to ignore these packets how could I set this?  Would I
have to comment out the preprocessor flow line?  Is the flow tracking
still only detecting portscans?  Will this hinder anything else if I
comment this out or is there a better way to do this?

Thanks,
Nick Baronian



