Snort mailing list archives
Re: portscan preprocessor and external net
From: marco turr <marco_syslnx () yahoo it>
Date: Tue, 29 Nov 2005 19:23:47 +0100 (CET)
Matt Kettler <mkettler () evi-inc com> ha scritto:
Generally speaking, you want to do the opposite. You want to ignore your subnet,
and no others.
We need to detect only home hosts that make portscan to any (compromised hosts) because we have a lot of scanning from
external.
Now, i must subnet all internet address? There is no way to make a !$HOME_NET without writing ALL internet address?
---------------------------------
Yahoo! Messenger: chiamate gratuite in tutto il mondo
Current thread:
- portscan preprocessor and external net marco turr (Nov 29)
- Re: portscan preprocessor and external net Jason Brvenik (Nov 29)
- Re: portscan preprocessor and external net marco turr (Nov 29)
- Re: portscan preprocessor and external net Matt Kettler (Nov 29)
- Re: portscan preprocessor and external net marco turr (Nov 29)
- Re: portscan preprocessor and external net marco turr (Nov 29)
- Re: portscan preprocessor and external net Jason Brvenik (Nov 29)