Snort mailing list archives

Re: How many ports is considered a portsweep/portscan?


From: Nerijus Krukauskas <nkrukauskas () gmail com>
Date: Fri, 19 Mar 2010 08:43:37 +0200

Hi,

On 2010-03-19, James Lay <jlay () slave-tothe-box net> wrote:
> I took a good solid read of the README for sfportscan, but at the end of the
> day it seems that I'm left with only a couple options of ignore_scanners,
> and ignore_scanned.  Am I reading something wrong?  These seem pretty binary
> to me....unless there's a more granular level of control that I'm missing.

You're not alone with this kind of feeling. I have it too. And I'm
ignoring many of the portscan alerts, unless the statistical alert
picture changes.

-- 
http://nk99.org/
