Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Yet another spp_portscan2 question

From: "Fialkowski, Joe" <Joe.Fialkowski () AIG com>
Date: Wed, 5 Feb 2003 11:17:41 -0500
Hello List

 I have a question about spp_portscan2. And I don't think it has been
covered on this list. Forgive me if it has.

 Is there any way to log or alert only when a scan occurs on multiple
targets? I keep getting the message below when a user opens up a web page
with many images. I have already tried setting the port limit to 60 to
alleviate some of the chatter but still get a few hits from this
preprocessor. Any ideas are welcome

(spp_portscan2) Portscan detected from 192.118.72.15
<http://4dde4/acid_stat_ipaddr.php?ip=192.118.72.15&netmask=32>: 1 targets
61 ports in 32 seconds    


Thanks in advance,

Joe


-------------------------------------------------------
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http://www.vasoftware.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: