Snort mailing list archives
Portscan Rule
From: "tantioification . via Snort-users" <snort-users () lists snort org>
Date: Wed, 12 Jul 2017 12:20:31 +0700
When i try to test portscan using nmap, there is no alert. then i search in snort.rules, i find port scan rule is disabled. The SID 630 is port scan rule, right? Could i enable it in snort.rules or i have to add that rule to local.rules? i have tried before to add that rule to local.rules but still no alert.
_______________________________________________ Snort-users mailing list Snort-users () lists snort org Go to this URL to change user options or unsubscribe: https://lists.snort.org/mailman/listinfo/snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Portscan Rule tantioification . via Snort-users (Jul 11)