Snort mailing list archives
Portscan2 threshold values
From: Ueli Kistler <iuk () gmx ch>
Date: Fri, 07 Mar 2003 10:58:26 +0100
Hello,before relasing the next Eagle X release (Snort 1.9.1 or newer, php newest version without cgi vulnerability (Eagle X uses Server API module anyway), Winpcap 3.0 beta or newer (SMP support), Oinkmaster win32 with necessary cygwin files (cvs version derived from Andreas Östlings oinkmaster.pl script available on www.packx.net), etc.) i'd like to know more about threshold values used for Snort for different WAN devices:
If some people could tell me about their threshold values of portscan2 and conversation preprocessors, it would be great. Reply to eclipse () packx net, telling me which bandwith your WAN connection has, what threshold values you use and (perhaps) how often alerts are triggered.
Thanks!! Regards, Ueli Kistler eclipse () packx net www.packx.net -- ------------------------------------------------------- This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger for complex code. Debugging C/C++ programs can leave you feeling lost and disoriented. TotalView can help you find your way. Available on major UNIX and Linux platforms. Try it free. www.etnus.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Portscan2 threshold values Ueli Kistler (Mar 07)