Snort mailing list archives
Portscan parameters
From: "shadi Rostami" <shadi () inkra com>
Date: Tue, 1 Oct 2002 12:46:17 -0700
I was just wondering, what are the typical values for portscan threshold and period. In snort.conf, it seems to be 4 ports in 3 seconds. Are these realistic numbers? Don't you get many false alarms if you set these numbers? I myself was thinking of portscan as about 50 scans within a second! Thanks a lot --Shadi
Current thread:
- Portscan parameters shadi Rostami (Oct 01)
- Re: Portscan parameters Glenn Forbes Fleming Larratt (Oct 01)
- Snort 1.9 flow keyword shadi Rostami (Oct 29)
- Re: Snort 1.9 flow keyword Chris Green (Oct 29)
- Re: Snort 1.9 flow keyword Brian (Nov 07)