Snort mailing list archives
Portscan2, where port !=X
From: "Jade E. Deane" <jade.deane () riven net>
Date: 30 Aug 2003 21:55:33 -0500
Is it possible to ignore a scan using portscan2, where the source port is X? Example:

07/06/03-17:55:19.708517 TCP src: 168.103.115.138 dst: 10.0.47.3 sport: 443 dport: 49399 tgts: 1 ports: 60 flags: ***A**S* event_id: 108
07/06/03-17:55:20.136362 TCP src: 168.103.115.138 dst: 10.0.47.3 sport: 443 dport: 39705 tgts: 1 ports: 61 flags: ***A**S* event_id: 108
07/06/03-17:55:20.268826 TCP src: 168.103.115.138 dst: 10.0.47.3 sport: 443 dport: 49401 tgts: 1 ports: 62 flags: ***A**S* event_id: 108

Etc...

I'd like to ignore any scans where the remote host's source port is 80 or 443.

Regards,
Jade

--
PGP Public Key: http://www.riven.net/~moose/key.asc
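Added example, not part of the original message and not Snort code: a post-processing filter for the portscan2 log format quoted above that suppresses entries whose source port is 80 or 443. As an assumption of this example, it suppresses only when the flags field is also SYN+ACK (`***A**S*`), the pattern in the quoted lines, so a bare SYN sent from port 443 is still kept; the last two sample lines and all function names are constructed.

```python
import re

# First two lines are quoted from the post; the last two are constructed
# (documentation address 192.0.2.7) to show entries that must be kept.
SAMPLE = """\
07/06/03-17:55:19.708517 TCP src: 168.103.115.138 dst: 10.0.47.3 sport: 443 dport: 49399 tgts: 1 ports: 60 flags: ***A**S* event_id: 108
07/06/03-17:55:20.136362 TCP src: 168.103.115.138 dst: 10.0.47.3 sport: 443 dport: 39705 tgts: 1 ports: 61 flags: ***A**S* event_id: 108
07/06/03-18:01:02.000001 TCP src: 192.0.2.7 dst: 10.0.47.3 sport: 443 dport: 22 tgts: 1 ports: 12 flags: ******S* event_id: 109
07/06/03-18:01:03.000001 TCP src: 192.0.2.7 dst: 10.0.47.3 sport: 40000 dport: 23 tgts: 1 ports: 13 flags: ******S* event_id: 109
"""

# Field layout taken from the log lines in the post.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<proto>\S+) src: (?P<src>\S+) dst: (?P<dst>\S+) "
    r"sport: (?P<sport>\d+) dport: (?P<dport>\d+) tgts: (?P<tgts>\d+) "
    r"ports: (?P<ports>\d+) flags: (?P<flags>\S{8}) event_id: (?P<event_id>\d+)$"
)

IGNORED_SPORTS = {80, 443}   # ports named in the post
SYN_ACK = "***A**S*"         # flags string seen in the quoted entries

def parse_line(line):
    """Return the fields of one portscan2 log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["sport"] = int(rec["sport"])
    return rec

def is_web_reply(rec):
    """True for a TCP SYN+ACK whose source port is 80 or 443."""
    return (rec["proto"] == "TCP" and rec["sport"] in IGNORED_SPORTS
            and rec["flags"] == SYN_ACK)

def filter_log(text):
    """Split log text into (kept, suppressed) lists of lines."""
    kept, suppressed = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is not None and is_web_reply(rec):
            suppressed.append(line)
        else:
            kept.append(line)  # unparsable lines are kept for review
    return kept, suppressed

if __name__ == "__main__":
    print("\n".join(filter_log(SAMPLE)[0]))
```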