Snort mailing list archives

Re: RULE ALERT NMAP SCAN

From: "Al Lewis \(allewi\) via Snort-users" <snort-users () lists snort org>
Date: Wed, 18 Oct 2017 13:32:08 +0000

Hello,

Try a detection filter.

https://www.snort.org/faq/readme-filters




Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
SOURCEfire, Inc. now part of Cisco
Email: allewi () cisco com<mailto:allewi () cisco com>

From: Snort-users <snort-users-bounces () lists snort org<mailto:snort-users-bounces () lists snort org>> on behalf of 
nguyen cao via Snort-users <snort-users () lists snort org<mailto:snort-users () lists snort org>>
Reply-To: nguyen cao <nguyenblack1995 () gmail com<mailto:nguyenblack1995 () gmail com>>
Date: Wednesday, October 18, 2017 at 2:42 AM
To: "snort-users () lists snort org<mailto:snort-users () lists snort org>" <snort-users () lists snort 
org<mailto:snort-users () lists snort org>>
Subject: [Snort-users] RULE ALERT NMAP SCAN

I try command : "nmap --scan-delay 2s TargetIP". some body can tell me rule snort detecion this type attack ? Tks

_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

RULE ALERT NMAP SCAN nguyen cao via Snort-users (Oct 17)
- Re: RULE ALERT NMAP SCAN Al Lewis (allewi) via Snort-users (Oct 18)