Snort mailing list archives

sf_portscan tuning


From: "Turnbough, Bradley E." <bturnbough () belcan com>
Date: Mon, 29 Oct 2012 19:15:40 +0000

Can someone tell me how to filter this out of the portscan.log file?

Time: 10/29-15:10:06.363387
event_ref: 0
11.22.33.44 -> 55.66.77.88 (portscan) TCP Portsweep
Priority Count: 5
Connection Count: 12
IP Count: 19
Scanned IP Range: 9.10.11.12:13.14.15.16
Port/Proto Count: 1
Port/Proto Range: 113:113

I only want to filter out what this thing considers scans from 11.22.33.44 to TCP 113 on any host.  11.22.33.44 is a 
Proxy server and is querying for TCP 113 because 113 is tied to IDENT (our proxy auth tracking mechanism).


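An added example, not part of the original post and not Snort code: a post-processing filter for portscan.log that drops only TCP Portsweep records whose source is the proxy and whose Port/Proto Range is exactly 113:113, so sweeps from the proxy to any other port and port-113 sweeps from any other host stay in the log. The record layout is taken from the post; the function names and the second and third sample records (source 10.0.0.7, port 445) are constructed for illustration.

```python
import re

# Record layout copied from the post; the three records built from it are constructed.
TEMPLATE = """Time: 10/29-15:1{n}:06.363387
event_ref: 0
{src} -> 55.66.77.88 (portscan) TCP Portsweep
Priority Count: 5
Connection Count: 12
IP Count: 19
Scanned IP Range: 9.10.11.12:13.14.15.16
Port/Proto Count: 1
Port/Proto Range: {port}:{port}
"""
SAMPLE_LOG = "\n".join(
    TEMPLATE.format(n=n, src=src, port=port)
    for n, (src, port) in enumerate(
        [("11.22.33.44", 113), ("11.22.33.44", 445), ("10.0.0.7", 113)]))

HEADER = re.compile(r"^(\S+) -> (\S+) \(portscan\) (.+)$")

def parse_records(text):
    """Split the log on blank lines and turn each record into a dict."""
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {"raw": block}
        for line in block.splitlines():
            m = HEADER.match(line.strip())
            if m:
                rec.update(zip(("src", "dst", "type"), m.groups()))
            else:
                key, sep, value = line.partition(": ")
                if sep:
                    rec[key.strip()] = value.strip()
        yield rec

def is_ident_noise(rec, proxy="11.22.33.44", port=113):
    """True only for a TCP portsweep from the proxy confined to the IDENT port."""
    return (rec.get("src") == proxy
            and rec.get("type") == "TCP Portsweep"
            and rec.get("Port/Proto Range") == f"{port}:{port}")

def filter_log(text):
    """Return the log text with the proxy's IDENT-only sweeps removed."""
    kept = [r["raw"] for r in parse_records(text) if not is_ident_noise(r)]
    return "\n\n".join(kept) + "\n"

if __name__ == "__main__":
    print(filter_log(SAMPLE_LOG), end="")
```

Matching on the exact 113:113 range rather than on the source address alone keeps a wider sweep from the proxy visible.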