Snort mailing list archives
port scan rule
From: Balla István <balla.bmf () gmail com>
Date: Thu, 9 May 2013 23:22:24 +0200
Hey guys, could you tell me which rule I should set to drop if I wanna block all port scans?

From my snort.conf:

    preprocessor sfportscan: proto { all } memcap { 10000000 } sense_level { medium } detect_ack_scans

If I'm right, it only detects ACK flags without the 3-way handshake. My question is how to configure it to detect all port scans, and which rules to set to drop?