[Snort-devel] spp_portscan logging patch
pmullen at ...43...
Thu Dec 7 12:52:03 EST 2000
> Here is a patch to spp_portscan.c to correct the alert and log functions.
> Without the patch, the subsystem logs the current packet which is largely
This is quite interesting. It appears the "new" format of the code is quite
familiar... Thank you for restating my point on why logging the packets from
a portscan is hard and why logging the packet that triggers the portscan isn't
really applicable. It *is* part of the scan, but only the last packet which
ignores the rest of the scan.
Thanks for the patch.
More information about the Snort-devel