Snort mailing list archives

question about rule detect nmap scan


From: "Vuong D. Chieu" <vdchieu () vncert vn>
Date: Fri, 25 Jul 2014 15:18:22 +0700 (ICT)


Can you help me test a rule to detect nmap scans?
This is my rule, but it is not working:

alert tcp any any -> any any (sid:1000005; gid:1; flow:stateless; ack:0; flags:S; ttl:>220; priority:1; msg:"nmap scan"; classtype:network-scan; rev:1; )
----------------------------------------
Vuong Dinh Chieu (Mr.)
Vietnam Computer Emergency Response Team (VNCERT)
Ministry of Information and Communications (MIC)
Add: 18 Nguyen Du, Hanoi       Website: http://www.vncert.gov.vn
Tel: +84-4-3640-4424                Mobile: +84-97 993 1293
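
Snort ANDs the options in a rule, so a packet has to pass flags:S, ack:0 and ttl:>220 together before the rule above fires. As an added example (not part of the original post), this Python sketch applies those three header tests to constructed IPv4/TCP headers and reports each test separately; the function names and sample packets are assumptions made for illustration.

```python
import struct

SYN = 0x02
SYN_ACK = 0x12

def build_packet(ttl, flags=SYN, ack=0):
    """Constructed 20-byte IPv4 header + 20-byte TCP header (checksums left at 0)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1234, 0, ttl, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1000, ack, 5 << 4, flags, 1024, 0, 0)
    return ip + tcp

def parse(pkt):
    """Extract the fields the rule tests: IP TTL, TCP flags byte, TCP ack number."""
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[0] >> 4 != 4 or ihl < 20 or len(pkt) < ihl + 20 or pkt[9] != 6:
        raise ValueError("not an IPv4/TCP packet with a full TCP header")
    return {
        "ttl": pkt[8],
        "flags": pkt[ihl + 13],
        "ack": struct.unpack_from("!I", pkt, ihl + 8)[0],
    }

def rule_checks(pkt):
    """Evaluate each header option of the posted rule on its own."""
    f = parse(pkt)
    return {
        "flags:S": f["flags"] == SYN,   # no modifier or mask: exact match on the flags byte
        "ack:0": f["ack"] == 0,         # TCP acknowledgment number equals 0
        "ttl:>220": f["ttl"] > 220,     # strictly greater than 220
    }

def rule_matches(pkt):
    """The rule fires only when every option is true."""
    return all(rule_checks(pkt).values())

# Constructed sample packets, not captured traffic.
SAMPLES = {
    "SYN, ttl=64": build_packet(64),
    "SYN, ttl=220": build_packet(220),
    "SYN, ttl=255": build_packet(255),
    "SYN+ACK, ttl=255": build_packet(255, flags=SYN_ACK, ack=1001),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, rule_checks(pkt), "ALERT" if rule_matches(pkt) else "no alert")
```

A SYN that reaches the sensor with a TTL of 220 or less fails only the ttl test, so the TTL observed in a capture at the sensor is the first value to compare against the rule.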


_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org

