Snort mailing list archives

Portscan parameters

From: "shadi Rostami" <shadi () inkra com>
Date: Tue, 1 Oct 2002 12:46:17 -0700

I was just wondering, what are the typical values for portscan threshold and
period.
In snort.conf, it seems to be 4 ports in 3 seconds.
Are these realistic numbers? Don't you get many false alarms if you set
these numbers? I myself was thinking of portscan as about 50 scans within a
second!

Thanks a lot
--Shadi

Current thread:

Portscan parameters shadi Rostami (Oct 01)
- Re: Portscan parameters Glenn Forbes Fleming Larratt (Oct 01)
- Snort 1.9 flow keyword shadi Rostami (Oct 29)
  - Re: Snort 1.9 flow keyword Chris Green (Oct 29)
  - Re: Snort 1.9 flow keyword Brian (Nov 07)