Snort mailing list archives
Portscan -> Tag ?
From: "Sven Bolt" <sven_bolt () fastmail fm>
Date: Tue, 10 Jun 2003 13:28:53 -0800
Hi, what I would like to do, is to log for one hour every packed, that a host that beforehand portscanned me, sends. As for scans that rely on rules, like "SCAN Proxy" etc. this would be fairly easy via tags. But what do I do with scans only alerted by the preprocessors (xmas scan, stealth scan etc.) ? Anyone doing this already? Thanks Sven Bolt -- Sven Bolt sven_bolt () fastmail fm -- http://www.fastmail.fm - Same, same, but differentÂ… ------------------------------------------------------- This SF.net email is sponsored by: Etnus, makers of TotalView, The best thread debugger on the planet. Designed with thread debugging features you've never dreamed of, try TotalView 6 free at www.etnus.com. _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Portscan -> Tag ? Sven Bolt (Jun 10)