[Snort-users] sfPortscan in the snort.conf

Crook, Parker Parker_Crook at ...14786...
Wed May 5 16:33:10 EDT 2010


Good afternoon.  This is one of those minor syntax issues where you need a space between your IP's and the squiggly brackets.  Try the following instead:
ignore_scanners { }

Also, remember there is also the option, ignore_scanned!


-----Original Message-----
From: Pat McNamara [mailto:pmcnamara at ...14830...]
Sent: Wednesday, May 05, 2010 3:26 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] sfPortscan in the snort.conf

Hi all,

I am still working on my snort configuration so i am trying to add an
ignore_scanners to my port scan detection. i have the standard in my

preprocessor sfportscan: proto  { all } memcap { 10000000 }
sense_level { low }

when i try and add ignore_scanners {}  and then try and
restart snort I get this error below. i have hunted on the web for
the answer but have not found it. i am using snort

ERROR: /etc/snort/snort.conf(234) => No argument to 'ignore_scanners'
config option.
Fatal Error, Quitting..

Pat McNamara
IT Systems Administrator
.NU domain, Ltd.
Worldnames, Inc.
+1-508-359-5600 x116
pmcnamara at ...14830...

Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

More information about the Snort-users mailing list