aboutsummaryrefslogtreecommitdiffstats
path: root/packages
diff options
context:
space:
mode:
authorScott Dale <sdale@pfsense.org>2007-02-21 21:20:46 +0000
committerScott Dale <sdale@pfsense.org>2007-02-21 21:20:46 +0000
commitdf4a0aeaf688b499ec909638fc9064c2698208ed (patch)
treeaa6d1426eca0c1d2a7fe66159aacc52a8c204657 /packages
parent4ee2ddc130c9077902cc468b979e8b6280ab6153 (diff)
downloadpfsense-packages-df4a0aeaf688b499ec909638fc9064c2698208ed.tar.gz
pfsense-packages-df4a0aeaf688b499ec909638fc9064c2698208ed.tar.bz2
pfsense-packages-df4a0aeaf688b499ec909638fc9064c2698208ed.zip
Removed the flow-portscan preprocessor and inserted the sfportscan preprocessor. Flow-portscan has been deprecated from Snort.
Diffstat (limited to 'packages')
-rw-r--r--packages/snort/snort.inc33
1 files changed, 8 insertions, 25 deletions
diff --git a/packages/snort/snort.inc b/packages/snort/snort.inc
index 04ff8809..1023d90f 100644
--- a/packages/snort/snort.inc
+++ b/packages/snort/snort.inc
@@ -365,31 +365,14 @@ preprocessor rpc_decode: 111 32771
preprocessor bo
preprocessor telnet_decode
-#Flow Portscan
-preprocessor flow-portscan: \
- talker-sliding-scale-factor 0.50 \
- talker-fixed-threshold 30 \
- talker-sliding-threshold 30 \
- talker-sliding-window 20 \
- talker-fixed-window 30 \
- scoreboard-rows-talker 30000 \
- server-watchnet \$HOME_NET \
- server-ignore-limit 200 \
- server-rows 65535 \
- server-learning-time 14400 \
- server-scanner-limit 4 \
- scanner-sliding-window 20 \
- scanner-sliding-scale-factor 0.50 \
- scanner-fixed-threshold 15 \
- scanner-sliding-threshold 40 \
- scanner-fixed-window 15 \
- scoreboard-rows-scanner 30000 \
- alert-mode once \
- output-mode msg \
- portscan-ignorehosts: \$HOME_NET \
- tcp-penalties on
-
-
+#sf Portscan
+preprocessor sfportscan: proto { all } \
+ scan_type { all } \
+ sense_level { high } \
+ watch_ip { \$HOME_NET } \
+ ignore_scanners { \$HOME_NET } \
+ ignore_scanned { \$HOME_NET }
+
#Required files
include classification.config
include reference.config