Snort mailing list archives

Re: spp_portscan2??


From: Bill Terwilliger <bill_terwilliger () harvard edu>
Date: Sat, 27 Sep 2003 17:20:02 -0400

portscan2 is snort's next generation portscan detection preprocessor. It allows you to configure the max number of hosts and/or ports that a portscanner can hit before it is alerted on. The parameters are:

scanners_max - max number of potential portscanners that snort will track in the tree
targets_max - max number of different targets that snort will track (I think that this is per portscanner, but I forget)
target_limit - max targets a portscanner can hit before an alert is sent
port_limit - max ports that a portscanner can hit before an alert is sent - the port count is a sum of the ports from all hosts (very cool)
timeout - the portscanner's inactivity timeout - portscanners will be removed from the tree if this value is hit
log - portscan2 has its own log

Here are the default values:
#define DEFAULT_MAX_SCANNER 1000
#define DEFAULT_TARGET_COUNT 1000
#define DEFAULT_TARGET_LIMIT 5
#define DEFAULT_PORT_LIMIT   20
#define DEFAULT_TIMEOUT      60

--bill

On Saturday, September 27, 2003, at 02:05 PM, sauron wrote:

what is spp_portscan2? i get a lot from my pc to other pc's and i didn't make
any scan.
thx


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
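
Added example (not part of the original message and not Snort source code): a small Python model of the thresholds described in the reply, using the default values it lists. The class and function names are hypothetical, targets_max is not modelled, and it assumes an alert fires once a count exceeds its limit; the sample events are constructed.

```python
# Model of the portscan2 thresholds as described in the message above.
# Hypothetical names; this is not how Snort implements the preprocessor.
TARGET_LIMIT = 5      # DEFAULT_TARGET_LIMIT
PORT_LIMIT = 20       # DEFAULT_PORT_LIMIT
TIMEOUT = 60          # DEFAULT_TIMEOUT, seconds of inactivity
MAX_SCANNERS = 1000   # DEFAULT_MAX_SCANNER


class ScanTracker:
    def __init__(self, target_limit=TARGET_LIMIT, port_limit=PORT_LIMIT,
                 timeout=TIMEOUT, scanners_max=MAX_SCANNERS):
        self.target_limit, self.port_limit = target_limit, port_limit
        self.timeout, self.scanners_max = timeout, scanners_max
        self.scanners = {}  # src -> {"last": ts, "ports": set, "alerted": bool}

    def observe(self, ts, src, dst, dport):
        """Record one connection attempt; return an alert string or None."""
        # Drop sources that have been idle for longer than the timeout.
        idle = [s for s, st in self.scanners.items()
                if ts - st["last"] > self.timeout]
        for s in idle:
            del self.scanners[s]
        st = self.scanners.get(src)
        if st is None:
            if len(self.scanners) >= self.scanners_max:
                return None  # table full: this source is not tracked
            st = self.scanners[src] = {"last": ts, "ports": set(),
                                       "alerted": False}
        st["last"] = ts
        st["ports"].add((dst, dport))
        targets = {d for d, _ in st["ports"]}
        # The port count is summed over all targets, as the reply notes.
        # Assumption: alert when a count exceeds its limit, once per source.
        if not st["alerted"] and (len(targets) > self.target_limit
                                  or len(st["ports"]) > self.port_limit):
            st["alerted"] = True
            return (f"portscan from {src}: {len(targets)} targets, "
                    f"{len(st['ports'])} ports")
        return None


def run(events, **limits):
    """Feed (ts, src, dst, dport) tuples through a tracker; return alerts."""
    tracker = ScanTracker(**limits)
    return [a for a in (tracker.observe(*e) for e in events) if a]


# Constructed samples: one host opening port 445 on six neighbours in six
# seconds, and the same six connections spaced 61 seconds apart.
SWEEP = [(i, "10.0.0.5", f"10.0.0.{10 + i}", 445) for i in range(6)]
SLOW = [(i * 61, "10.0.0.5", f"10.0.0.{10 + i}", 445) for i in range(6)]
```

With the defaults, SWEEP produces one alert on the sixth target, while SLOW produces none because each 61-second gap expires the source before the next connection is counted.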





