[Snort-users] sfPortscan in the snort.conf

Crook, Parker Parker_Crook at ...14786...
Wed May 5 16:33:10 EDT 2010


Pat,

Good afternoon.  This is one of those minor syntax issues where you need a space between your IP's and the squiggly brackets.  Try the following instead:
ignore_scanners { 69.35.74.64/26 }

Also, remember there is also the option, ignore_scanned!

-Parker

-----Original Message-----
From: Pat McNamara [mailto:pmcnamara at ...14830...]
Sent: Wednesday, May 05, 2010 3:26 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] sfPortscan in the snort.conf

Hi all,

I am still working on my snort configuration so i am trying to add an
ignore_scanners to my port scan detection. i have the standard in my
snort.conf

preprocessor sfportscan: proto  { all } memcap { 10000000 }
sense_level { low }

when i try and add ignore_scanners {69.35.74.64/26}  and then try and
restart snort I get this error below. i have hunted on the web for
the answer but have not found it. i am using snort 2.8.5.3


ERROR: /etc/snort/snort.conf(234) => No argument to 'ignore_scanners'
config option.
Fatal Error, Quitting..

Thanks
Pat McNamara
IT Systems Administrator
.NU domain, Ltd.
Worldnames, Inc.
+1-508-359-5600 x116
pmcnamara at ...14830...






------------------------------------------------------------------------------
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




More information about the Snort-users mailing list