Snort mailing list archives
Yet another spp_portscan2 question
From: "Fialkowski, Joe" <Joe.Fialkowski () AIG com>
Date: Wed, 5 Feb 2003 11:17:41 -0500
Hello List I have a question about spp_portscan2. And I don't think it has been covered on this list. Forgive me if it has. Is there any way to log or alert only when a scan occurs on multiple targets? I keep getting the message below when a user opens up a web page with many images. I have already tried setting the port limit to 60 to alleviate some of the chatter but still get a few hits from this preprocessor. Any ideas are welcome (spp_portscan2) Portscan detected from 192.118.72.15 <http://4dde4/acid_stat_ipaddr.php?ip=192.118.72.15&netmask=32>: 1 targets 61 ports in 32 seconds Thanks in advance, Joe ------------------------------------------------------- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Yet another spp_portscan2 question Fialkowski, Joe (Feb 06)
- Re: Yet another spp_portscan2 question Demetri Mouratis (Feb 06)