Snort mailing list archives

Ingoring Hosts

From: Ayse Ekinci <ayse () deakin edu au>
Date: Sun, 11 Nov 2001 20:11:38 +1100


Although I have an entry to ignore couple of my servers (yp, networking 
monitoring etc) ...:

        portscan-ignorehosts: x.x.x.1/32  x.x.x.2/32

Snort still will not ingore them and I still recieve the following messages
via syslog:

        2 in 0:15:36: my_host snort: [ID 702911 local1.notice]
        spp_portscan: portscan status from x.x.x.1: 5 connections across 1 hosts:
        TCP(2), UDP(3)

        Nov 11 19:59:19 my_host snort: [ID 702911 local1.notice]
        spp_portscan: End of portscan from x.x.x.2: TOTAL time(1s) hosts(1) TCP(0)
        UDP(5)

        2 in 1:00:00: my_host snort: [ID 702911 local1.notice]
        spp_portscan: PORTSCAN DETECTED from x.x.x.3 (THRESHOLD 4 connections
        exceeded in 0 seconds)

Can anyone tell me what have I missed - please.

Regards & thnx in advance
Ayse

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Ingoring Hosts Ayse Ekinci (Nov 11)
- Session errors after changing database Dan McIntosh (Nov 11)
  - Graph alert data problem Dan McIntosh (Nov 11)
    - RE: Graph alert data problem Dan McIntosh (Nov 11)
    - Re: Graph alert data problem Phil Wood (Nov 11)
    - RE: Graph alert data problem Dan McIntosh (Nov 11)
- Re: Ingoring Hosts Erek Adams (Nov 11)