Snort mailing list archives
Re: Detecting slow portscans with snort
From: Edin Dizdarevic <edin.dizdarevic () interActive-Systems de>
Date: Mon, 24 Jan 2005 17:50:30 +0100
BTW, does anybody knows if there are any other anomaly based IDS-tools available at the moment? Regards, Edin Matt Kettler schrieb am 24.01.2005 17:22:
At 12:33 PM 1/23/2005, Bjarte Malmedal wrote:
...
Ideally one would use Spade, but that snort plugin is just regaining it's footings. It's the only scan detector that I've used that has any decent success against ultra-slow scans (ie: less than one probe per day). Unfortunately the spade plugin is in a bit of a state of disrepair and has only recently had anyone interested in working on maintaining it......
-- Edin Dizdarevic ------------------------------------------------------- This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting Tool for open source databases. Create drag-&-drop reports. Save time by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc. Download a FREE copy at http://www.intelliview.com/go/osdn_nl _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Detecting slow portscans with snort Bjarte Malmedal (Jan 24)
- Re: Detecting slow portscans with snort Martin Roesch (Jan 24)
- Re: Detecting slow portscans with snort Matt Kettler (Jan 24)
- Re: Detecting slow portscans with snort Edin Dizdarevic (Jan 24)