Snort mailing list archives
Re: DNS portscan alerts
From: Leigh David Heyman <leigh () ai mit edu>
Date: Mon, 18 Mar 2002 12:43:40 -0500
Oh, Sorry , my mistake , but the alerts are from many nameservers, not from a particular one and listing them all is not possible.
True, but are the scans TO several systems or just one or a few... while clearly you can't ignore all the external nameservers which are "scanning" you, can you possibly exclude your "internal" systems which are being "scanned" from the group of systems which spp_portscan is watching aver, or would that simply mean your entire network, and thus disabling spp_portscan altogether? -Leigh _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- DNS portscan alerts Dushyanth Harinath (Mar 14)
- Re: DNS portscan alerts Leigh David Heyman (Mar 15)
- Re: DNS portscan alerts Dushyanth Harinath (Mar 15)
- Re: DNS portscan alerts Leigh David Heyman (Mar 18)
- Re: DNS portscan alerts Dushyanth Harinath (Mar 18)
- Re: DNS portscan alerts Leigh David Heyman (Mar 18)
- Re: DNS portscan alerts Dushyanth Harinath (Mar 18)
- Re: DNS portscan alerts Leigh David Heyman (Mar 19)
- Re: DNS portscan alerts Dushyanth Harinath (Mar 15)
- Re: DNS portscan alerts Leigh David Heyman (Mar 15)