Snort mailing list archives
RE: Call for features requests for SPPv2
From: "John Berkers" <berjo () ozemail com au>
Date: Wed, 16 May 2001 19:36:21 +1000
Hear, hear. I have found the same thing. In fact I have stopped logging Portscan info to a database because it fouls up any ability to search on unique alerts using ACID, with nearly every portscan generating a unique alert.

I can imagine that it would be a challenge to log a portscan with a single source & destination ip/port when the nature of a portscan is to hit many ports/hosts in a short amount of time.

Would a separate table in the db be useful for dealing with portscans, since logging each of the actual packets in the normal events might overwhelm us? Any other suggestions?

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net]On Behalf Of Jeff Dell
Sent: Tuesday, 15 May 2001 21:39
To: 'Patrick Mullen'; snort-users () lists sourceforge net
Subject: RE: [Snort-users] Call for features requests for SPPv2

I don't know if it has to do with the snort Portscan Preprocessor, ACID or anything in between, but when using ACID you get 3 lines for each portscan and you don't even get any good info from them. I have to revert back to the log file to gather any type of information. It sure would be nice to get this cleaned up.

Jeff

-----Original Message-----
From: Patrick Mullen [mailto:pmullen () linuxrc net]
Sent: Tuesday, May 15, 2001 3:17 AM
To: snort-users () lists sourceforge net; snort-devel () lists sourceforge net
Subject: [Snort-users] Call for features requests for SPPv2

The grapevine was properly seeded for me to catch wind that The Big Guy (TM) wants a new version of the Snort Portscan Preprocessor out and he wants it yesterday. ;)

Make your voice heard! Tell me what you like and don't like about the current SPP and what features you feel are lacking. No request is too large and no request is too small. I take all requests and comments! It doesn't mean I'll implement them all, but I do take them...

Just please reply to me directly; feel free to cc: the list if you'd like. I get too much mail to too many lists to pore through it all.

Thanks,
~Patrick

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
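The separate-table idea raised in the message above, sketched as an added example that is not part of the original thread and is not Snort's or ACID's schema: one summary row per scan, with the individual probes kept out of the normal event table. The table names, column names, the 60-second gap and the sample probes are all assumptions made for illustration.

```python
import sqlite3

# Constructed sample probes: (epoch seconds, source IP, destination IP, destination port).
PROBES = [
    (1000, "192.0.2.10", "198.51.100.5", 21),
    (1001, "192.0.2.10", "198.51.100.5", 22),
    (1001, "192.0.2.10", "198.51.100.5", 23),
    (1002, "192.0.2.10", "198.51.100.6", 80),
    (1500, "192.0.2.10", "198.51.100.5", 25),  # same source after a long gap: new scan
    (1003, "203.0.113.7", "198.51.100.5", 80),
]
SCAN_GAP = 60  # assumed: seconds of silence from a source that closes its scan

def summarize_scans(probes, gap=SCAN_GAP):
    """Write one portscan row per scan and its probes to a separate detail table."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE portscan (
            scan_id INTEGER PRIMARY KEY, src_ip TEXT NOT NULL,
            first_seen INTEGER NOT NULL, last_seen INTEGER NOT NULL);
        CREATE TABLE portscan_probe (
            scan_id INTEGER NOT NULL REFERENCES portscan(scan_id),
            ts INTEGER NOT NULL, dst_ip TEXT NOT NULL, dst_port INTEGER NOT NULL);
    """)
    open_scans = {}  # src_ip -> (scan_id, time of that source's last probe)
    for ts, src, dst, port in sorted(probes):
        scan = open_scans.get(src)
        if scan is None or ts - scan[1] > gap:
            cur = db.execute(
                "INSERT INTO portscan (src_ip, first_seen, last_seen) VALUES (?, ?, ?)", (src, ts, ts))
            scan_id = cur.lastrowid
        else:
            scan_id = scan[0]
            db.execute("UPDATE portscan SET last_seen = ? WHERE scan_id = ?", (ts, scan_id))
        open_scans[src] = (scan_id, ts)
        db.execute("INSERT INTO portscan_probe VALUES (?, ?, ?, ?)", (scan_id, ts, dst, port))
    return db

def scan_report(db):
    """Per scan: source, first/last seen, distinct hosts, distinct ports, probe count."""
    return db.execute("""
        SELECT s.src_ip, s.first_seen, s.last_seen,
               COUNT(DISTINCT p.dst_ip), COUNT(DISTINCT p.dst_port), COUNT(*)
        FROM portscan s JOIN portscan_probe p ON p.scan_id = s.scan_id
        GROUP BY s.scan_id ORDER BY s.first_seen, s.src_ip""").fetchall()

if __name__ == "__main__":
    for row in scan_report(summarize_scans(PROBES)):
        print(row)
```

Searching for unique alerts then touches only the `portscan` summary rows, while the per-probe detail stays available for the cases where someone would otherwise go back to the log file.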
Current thread:
- Call for features requests for SPPv2 Patrick Mullen (May 15)
- <Possible follow-ups>
- RE: Call for features requests for SPPv2 Jeff Dell (May 15)
- RE: Call for features requests for SPPv2 John Berkers (May 16)
- RE: Call for features requests for SPPv2 roman (May 16)