Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Portscan -> Tag ?

From: "Sven Bolt" <sven_bolt () fastmail fm>
Date: Tue, 10 Jun 2003 13:28:53 -0800
Hi,
what I would like to do, is to log for one hour every packed, that a host
that beforehand portscanned me, sends. As for scans that rely on rules,
like "SCAN Proxy" etc. this would be fairly easy via tags. But what do I
do with scans only alerted by the preprocessors (xmas scan, stealth scan
etc.) ?
Anyone doing this already? 

Thanks

Sven Bolt
-- 
  Sven Bolt
  sven_bolt () fastmail fm

-- 
http://www.fastmail.fm - Same, same, but differentÂ…


-------------------------------------------------------
This SF.net email is sponsored by:  Etnus, makers of TotalView, The best
thread debugger on the planet. Designed with thread debugging features
you've never dreamed of, try TotalView 6 free at www.etnus.com.
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: