Snort mailing list archives
Re: Snort portscan false positives?
From: Felipe Alfaro Solana <snort () felipe-alfaro com>
Date: 09 Oct 2002 23:39:31 +0200
You say ps2 has no idea what my HOME_NET is... I have defined HOME_NET on my "snort.conf" file as "var HOME_NET 192.168.0.0/24". Does ps2 ignore the value of this variable? On Wed, 2002-10-09 at 22:00, Erek Adams wrote:
The reason that portscan2 is flagging that as a scan is there are 'more than x connections to y targets.' Since ps2 has no idea of what your HOME_NET is, it sees the connections and flags them, even though they are coming from you. Just define portscan2-ignorehosts with your IP and all should be well. Cheers! ----- Erek Adams Nifty-Type-Guy TheAdamsFamily.Net
------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort portscan false positives? Felipe Alfaro Solana (Oct 09)
- Re: Snort portscan false positives? Erek Adams (Oct 09)
- Re: Snort portscan false positives? Felipe Alfaro Solana (Oct 09)
- Re: Snort portscan false positives? Erek Adams (Oct 09)
- Re: Snort portscan false positives? Bob Van Cleef (Oct 10)
- Re: Snort portscan false positives? Felipe Alfaro Solana (Oct 09)
- Re: Snort portscan false positives? Erek Adams (Oct 09)
- <Possible follow-ups>
- RE: Snort portscan false positives? Beckett, Josh (Oct 09)