Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Fine tuning portscan

From: "Lay, James" <james.lay () wincofoods com>
Date: Tue, 25 Oct 2011 13:42:37 -0600


From: JJC [mailto:cummingsj () gmail com] 
Sent: Tuesday, October 25, 2011 11:01 AM
To: Lay, James
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Fine tuning portscan

If you already see this in your firewall, what is the benefit of seeing in snort?  To me it's just added noise to sift 
through when looking for actual actionable events / intel...

JJC


Yea...I'm hoping to correlate these a little better than using the logs.  As an added bonus, I hope to be to match up 
portscan alerts, with actual hack attempts :)

And thanks Joel..I'll give that a shot.

James

------------------------------------------------------------------------------
The demand for IT networking professionals continues to grow, and the
demand for specialized networking skills is growing even more rapidly.
Take a complimentary Learning@Cisco Self-Assessment and learn 
about Cisco certifications, training, and career opportunities. 
http://p.sf.net/sfu/cisco-dev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: