Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Editing detect_scans

From: "Michael Shekman" <MichaelS80 () ci manchester ct us>
Date: Tue, 08 Oct 2002 18:27:55 -0400
I am running network behind a PIX firewall, and every web connection generates a ton of scan alerts, since every 
connection from the same web host IP (port 80) creates a score of ports on the "inside", which is rightfully detected 
by Snort as a scan. Thus, I would like to edit out ports 53, 80 and 443 from the detection scheme in streams4 
preprocessor. 

How can I do it on the Windows and Linux machines (later is more critical)?

Thanks,

M.S.



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: