Snort mailing list archives
Re: Fine tuning portscan
From: "Lay, James" <james.lay () wincofoods com>
Date: Tue, 25 Oct 2011 13:42:37 -0600
From: JJC [mailto:cummingsj () gmail com] Sent: Tuesday, October 25, 2011 11:01 AM To: Lay, James Cc: snort-users () lists sourceforge net Subject: Re: [Snort-users] Fine tuning portscan If you already see this in your firewall, what is the benefit of seeing in snort? To me it's just added noise to sift through when looking for actual actionable events / intel... JJC Yea...I'm hoping to correlate these a little better than using the logs. As an added bonus, I hope to be to match up portscan alerts, with actual hack attempts :) And thanks Joel..I'll give that a shot. James ------------------------------------------------------------------------------ The demand for IT networking professionals continues to grow, and the demand for specialized networking skills is growing even more rapidly. Take a complimentary Learning@Cisco Self-Assessment and learn about Cisco certifications, training, and career opportunities. http://p.sf.net/sfu/cisco-dev2dev _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Fine tuning portscan Lay, James (Oct 25)
- Re: Fine tuning portscan Joel Esler (Oct 25)
- Re: Fine tuning portscan JJC (Oct 25)
- Re: Fine tuning portscan Lay, James (Oct 25)