Snort mailing list archives
Rule to detect NMAP FIN Stealth Scan
From: Joe Magueta <joe () pcwe ca>
Date: Mon, 10 Jul 2017 17:18:00 +0000
Hi all. I'm new to SNORT and have received information from my ISP that they are blocking my connection because there is an "NMAP FIN Stealth Scan" happening from my network. Is there a rule that exists already to detect this? If not can anyone help me setup a rule on SNORT to detect the scan and the device/s performing it? Any help is appreciated. Thank you. Joe
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists snort org https://lists.snort.org/mailman/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort! Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads">emerging threats</a>!
Current thread:
- Rule to detect NMAP FIN Stealth Scan Joe Magueta (Jul 10)
- Re: Rule to detect NMAP FIN Stealth Scan Patrick Mullen (Jul 10)