Snort mailing list archives
Re: Another question
From: Ashley Thomas <athomas () unity ncsu edu>
Date: Sat, 11 May 2002 23:46:21 -0400 (EDT)
The numbers are sort of ids for the alert generator..
the numbers are defined as:

#define GENERATOR_SPP_PORTSCAN 100
#define PORTSCAN_SCAN_DETECT 1

100 -> sig_generator
1 -> sig_id
1 -> sig_rev

hope that helps...
-ashley

On Sun, 12 May 2002, Tommy Tsilalis wrote:
This is another Snort output.

[**] [100:1:1] spp_portscan: PORTSCAN DETECTED from 192.168.0.2 (THRESHOLD 4 connections exceeded in 0 seconds) [**]

I suppose that spp_portscan is the Snort function which identifies or checks for portscans. What does the following mean?

[100:1:1]

Thanks again.
Thomas Tsilalis

_______________________________________________________________
Have big pipes? SourceForge.net is looking for download mirrors. We supply the hardware. You get the recognition.
Email Us: bandwidth () sourceforge net
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
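An added example, not part of the original thread and not Snort's own code: a small Python parser that splits an alert header like the one quoted above into generator ID, signature ID and revision, and pulls the source and threshold out of the spp_portscan message. The lookup tables hold only the two values given in the reply; the function, class and field names are assumptions made for this example.

```python
import re
from typing import NamedTuple, Optional

# Only the two values given in the reply; any other ID is reported as "unknown".
GENERATORS = {100: "GENERATOR_SPP_PORTSCAN"}
EVENTS = {(100, 1): "PORTSCAN_SCAN_DETECT"}

# Alert header layout: "[**] [gid:sid:rev] message [**]"
ALERT_RE = re.compile(r"^\[\*\*\]\s+\[(\d+):(\d+):(\d+)\]\s+(.*?)\s+\[\*\*\]$")
# Detail inside the spp_portscan message, as worded in the quoted alert.
PORTSCAN_RE = re.compile(
    r"PORTSCAN DETECTED from (\S+) "
    r"\(THRESHOLD (\d+) connections exceeded in (\d+) seconds\)")


class Alert(NamedTuple):
    gid: int                   # sig_generator
    sid: int                   # sig_id
    rev: int                   # sig_rev
    generator: str
    event: str
    message: str
    source: Optional[str]      # filled in only for portscan alerts
    threshold: Optional[int]
    seconds: Optional[int]


def parse_alert(line: str) -> Optional[Alert]:
    """Return the parsed alert header, or None if the line is not one."""
    m = ALERT_RE.match(line.strip())
    if m is None:
        return None
    gid, sid, rev = (int(x) for x in m.group(1, 2, 3))
    source = threshold = seconds = None
    if (gid, sid) == (100, 1):
        p = PORTSCAN_RE.search(m.group(4))
        if p:
            source, threshold, seconds = p.group(1), int(p.group(2)), int(p.group(3))
    return Alert(gid, sid, rev, GENERATORS.get(gid, "unknown"),
                 EVENTS.get((gid, sid), "unknown"), m.group(4),
                 source, threshold, seconds)


# The alert quoted in the thread, followed by two constructed lines.
SAMPLE = ("[**] [100:1:1] spp_portscan: PORTSCAN DETECTED from 192.168.0.2 "
          "(THRESHOLD 4 connections exceeded in 0 seconds) [**]")
if __name__ == "__main__":
    for text in (SAMPLE, "[**] [999:7:2] constructed example [**]", "not an alert"):
        print(parse_alert(text))
```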
Current thread:
- Another question Tommy Tsilalis (May 11)
- Re: Another question Ashley Thomas (May 11)