[Snort-users] Question regarding sfportscan
This is a discussion on [Snort-users] Question regarding sfportscan within the Snort forums, part of the System Security and Security Related category; Howdy, I've recently installed 2.3.0-RC2 and added the sfportscan preprocessor and noticed something with the ignore_scanners ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
12-29-2004
|
|||
|
|||
[Snort-users] Question regarding sfportscan
Howdy,
I've recently installed 2.3.0-RC2 and added the sfportscan preprocessor and noticed something with the ignore_scanners config option. I've set up a few variables containing proxy- and mailservers which the portscan preprocessor detects as portscanning. These I've added to the ignore_scanners option like this: ignore_scanners { [$PROXY_SERVERS,$MAIL_SERVERS] } \ The $PROXY_SERVERS variable is built out of two other variables ($X and $Y). The problem is that when I run a check on the config the "Portscan Detection Config" only lists the IPs in the first variable ($X). I tried to find out more from the README.sfportscan but I couldn't find anything. Is this a feature ? Regards -- J-H Johansen -- There are 10 kinds of people in the world: Those who understand binary and those who don't... ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users 
|
Linear Mode
