RE: Portscan2-ignorehosts

["Schmehl, Paul L" <pauls () utdallas edu>]

> -----Original Message-----
> From: zottmann () ig com br [mailto:zottmann () ig com br] 
> Sent: Thursday, September 11, 2003 8:41 AM
> To: snort-users () lists sourceforge net
> Subject: [Snort-users] Portscan2-ignorehosts
>
> I have seen some e-mail messages talking about the 
> Portscan2-ignorehosts 
> preprocessor, but I can´t find it for download anywhere.... 
>
> Are they talking about Portscan-ignorehosts instead, or I am missing 
> something? 
You're missing something.  Portscan2 is a new, improved version of the portscan preprocessor.  It's part of the snort 
install, and you enable or disable it in snort.conf.  The sample conf file has a pretty good explanation of what it 
does and how it works.

You should only use one or the other - either portscan or portscan2.

Portscan2-ignorehosts is a configuration option that you use in the snort.conf file.  If you have hosts for which you 
want all portscan alerts to be ignored, you put their IP addresses in the portscan2-ignorehosts list, like this:

preprocessor portscan2-ignorehosts: ip ip ip ip

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/ 


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users