Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Portscan2 threshold values

From: Ueli Kistler <iuk () gmx ch>
Date: Fri, 07 Mar 2003 10:58:26 +0100
Hello,
before relasing the next Eagle X release (Snort 1.9.1 or newer, php newest version without cgi vulnerability (Eagle X uses Server API module anyway), Winpcap 3.0 beta or newer (SMP support), Oinkmaster win32 with necessary cygwin files (cvs version derived from Andreas Östlings oinkmaster.pl script available on www.packx.net), etc.) i'd like to know more about threshold values used for Snort for different WAN devices:
If some people could tell me about their threshold values of portscan2 and conversation preprocessors, it would be great. Reply to eclipse () packx net, telling me which bandwith your WAN connection has, what threshold values you use and (perhaps) how often alerts are triggered. 
Thanks!!

Regards,
   Ueli Kistler
   eclipse () packx net
   www.packx.net

--



-------------------------------------------------------
This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger
for complex code. Debugging C/C++ programs can leave you feeling lost and
disoriented. TotalView can help you find your way. Available on major UNIX
and Linux platforms. Try it free. www.etnus.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: