Snort mailing list archives
Re: How many ports is considered a portsweep/portscan?
From: Russ Combs <rcombs () sourcefire com>
Date: Fri, 19 Mar 2010 05:41:18 -0400
What version of Snort are you using? The latest version has event_filters that may do exactly what you want. Check out the README.filters for more.

On Fri, Mar 19, 2010 at 2:43 AM, Nerijus Krukauskas <nkrukauskas () gmail com> wrote:

> Hi,
>
> On 2010-03-19, James Lay <jlay () slave-tothe-box net> wrote:
>
>> I took a good solid read of the README for sfportscan, but at the end of the
>> day it seems that I'm left with only a couple options of ignore_scanners,
>> and ignore_scanned. Am I reading something wrong? These seem pretty binary
>> to me....unless there's a more granular level of control that I'm missing.
>
> You're not alone with this kind of feeling. I have it too. And I'm
> ignoring much of the portscan alerts, unless the statistical alert
> picture changes.
>
> --
> http://nk99.org/
>
> ------------------------------------------------------------------------------
> Download Intel® Parallel Studio Eval
> Try the new software tools for yourself. Speed compiling, find bugs
> proactively, and fine-tune applications for parallel performance.
> See why Intel Parallel Studio got high marks during beta.
> http://p.sf.net/sfu/intel-sw-dev
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- How many ports is considered a portsweep/portscan? James Lay (Mar 18)
- Re: How many ports is considered a portsweep/portscan? Matt Olney (Mar 18)
- Re: How many ports is considered a portsweep/portscan? James Lay (Mar 18)
- Re: How many ports is considered a portsweep/portscan? Nerijus Krukauskas (Mar 18)
- Re: How many ports is considered a portsweep/portscan? Russ Combs (Mar 19)
- Re: How many ports is considered a portsweep/portscan? Nerijus Krukauskas (Mar 24)
- Re: How many ports is considered a portsweep/portscan? Joel Esler (Mar 24)
- Re: How many ports is considered a portsweep/portscan? Ryan Jordan (Mar 24)
- Re: How many ports is considered a portsweep/portscan? Joel Esler (Mar 24)
- Re: How many ports is considered a portsweep/portscan? Nerijus Krukauskas (Mar 24)
- Re: How many ports is considered a portsweep/portscan? James Lay (Mar 18)
- Re: How many ports is considered a portsweep/portscan? Matt Olney (Mar 18)