Snort mailing list archives
Re: (spp_portscan2) Portscan detected
From: Ashley Thomas <athomas () cc gatech edu>
Date: Fri, 28 Feb 2003 02:27:33 -0500
This is detected by portscan preprocessor; not a rule. Clayton Mascasrenhas wrote:
Snort detected this attack....02/02-10:14:55.142286 [**] [117:1:1] (spp_portscan2) Portscan detected from 65.114.4.69: 1 targets 21 ports in 2 seconds [**] {TCP} 65.114.4.69:80 -> 66.20.55.101:57910Could Someone please tell me the sid rule used by snort for detecting this portscan attack??Clayton Mascarenhas ------------------------------------------------------------------------ Do you Yahoo!?Yahoo! Tax Center <http://rd.yahoo.com/finance/mailtagline/*http://taxes.yahoo.com/> - forms, calculators, tips, and more
-- Ashley Thomas Research scientist College of Computing Georgia Tech. ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- (spp_portscan2) Portscan detected Clayton Mascasrenhas (Feb 27)
- Re: (spp_portscan2) Portscan detected Ashley Thomas (Feb 27)
- Re: (spp_portscan2) Portscan detected Erick Mechler (Feb 27)
- Re: (spp_portscan2) Portscan detected Saad Kadhi (Feb 28)