Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Flow-portscan oddity

From: "Guillaume Arcas" <guillaume.arcas () free fr>
Date: Tue, 13 Apr 2004 17:37:48 +0200 (CEST)
Martin Roesch a dit :

Check out README.flow-portscan in the doc directory of your snort
distro.


Marty,

I read it, printed it out and still find it not so clear...
With the values given as example,  I do not catch any scan, and when I do,
scanners are shown as talkers...
I can go on playing with these values until I find some empiric good
parameters, but if there is a more detailed document about how to catch
scan activites using flow-portscan plugin, I take it ! :-)

Regards,

-- 
Guillaume Arcas

--------------------------------------------------
Il faut nous quitter. Nous sommes deux enfants,
nous avons fait une folie. (Yvonne de Galais)


-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id70&alloc_id638&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: