Snort mailing list archives
Re: how to use port_scan with snort3.0
From: Russ via Snort-users <snort-users () lists snort org>
Date: Fri, 1 Feb 2019 16:32:54 -0500
Hi,Did you check the Snort++ user manual? There is a section on port_scan. It is similar to but updated from Snort 2. You can use the default configurations like this:
port_scan = default_med_port_scan(taken from the example snort.lua) or you can copy and tweak any of the configs from snort_defaults.lua. With Snort 3 port_scan is completely configurable so it is just a matter of tweaking the thresholds to meet your needs.
Hope that helps. Russ On 2/1/19 4:47 AM, sofardware via Snort-users wrote:
Hi all, who can tell me how to use port_scan with snort3.0 ? Thanks.I have try it with \snortrules-snapshot-3000\etc\snort_defaults.lua and snort.lua to detect scan from nmap, but no any alert ._______________________________________________ Snort-users mailing list Snort-users () lists snort org Go to this URL to change user options or unsubscribe: https://lists.snort.org/mailman/listinfo/snort-users To unsubscribe, send an email to: snort-users-leave () lists snort org Please visit http://blog.snort.org to stay current on all the latest Snort news! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
_______________________________________________ Snort-users mailing list Snort-users () lists snort org Go to this URL to change user options or unsubscribe: https://lists.snort.org/mailman/listinfo/snort-users To unsubscribe, send an email to: snort-users-leave () lists snort org Please visit http://blog.snort.org to stay current on all the latest Snort news! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
Current thread:
- how to use port_scan with snort3.0 sofardware via Snort-users (Feb 01)
- Re: how to use port_scan with snort3.0 Russ via Snort-users (Feb 01)