Snort mailing list archives
question about rule detect nmap scan
From: "Vuong D. Chieu" <vdchieu () vncert vn>
Date: Fri, 25 Jul 2014 15:18:22 +0700 (ICT)
Can you help me test a rule to detect an nmap scan? This is my rule, but it is not working:

alert tcp any any -> any any (sid:1000005; gid:1; flow:stateless; ack:0; flags:S; ttl:>220; priority:1; msg:"nmap scan"; classtype:network-scan; rev:1; )

----------------------------------------
Vuong Dinh Chieu (Mr.)
Vietnam Computer Emergency Response Team (VNCERT)
Ministry of Information and Communications (MIC)
Add: 18 Nguyen Du, Hanoi
Website: http://www.vncert.gov.vn
Tel: +84-4-3640-4424
Mobile: +84-97 993 1293