Snort mailing list archives
Re: RULE ALERT NMAP SCAN
From: "Al Lewis \(allewi\) via Snort-users" <snort-users () lists snort org>
Date: Wed, 18 Oct 2017 13:32:08 +0000
Hello, Try a detection filter. https://www.snort.org/faq/readme-filters Albert Lewis ENGINEER.SOFTWARE ENGINEERING SOURCEfire, Inc. now part of Cisco Email: allewi () cisco com<mailto:allewi () cisco com> From: Snort-users <snort-users-bounces () lists snort org<mailto:snort-users-bounces () lists snort org>> on behalf of nguyen cao via Snort-users <snort-users () lists snort org<mailto:snort-users () lists snort org>> Reply-To: nguyen cao <nguyenblack1995 () gmail com<mailto:nguyenblack1995 () gmail com>> Date: Wednesday, October 18, 2017 at 2:42 AM To: "snort-users () lists snort org<mailto:snort-users () lists snort org>" <snort-users () lists snort org<mailto:snort-users () lists snort org>> Subject: [Snort-users] RULE ALERT NMAP SCAN I try command : "nmap --scan-delay 2s TargetIP". some body can tell me rule snort detecion this type attack ? Tks
_______________________________________________ Snort-users mailing list Snort-users () lists snort org Go to this URL to change user options or unsubscribe: https://lists.snort.org/mailman/listinfo/snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- RULE ALERT NMAP SCAN nguyen cao via Snort-users (Oct 17)
- Re: RULE ALERT NMAP SCAN Al Lewis (allewi) via Snort-users (Oct 18)