[Snort-devel] spp_portscan logging patch

Patrick Mullen pmullen at ...43...
Thu Dec 7 12:52:03 EST 2000


> Here is a patch to spp_portscan.c to correct the alert and log functions.
> Without the patch, the subsystem logs the current packet which is largely
> misleading.

This is quite interesting.  It appears the "new" format of the code is quite
familiar...  Thank you for restating my point on why logging the packets from
a portscan is hard and why logging the packet that triggers the portscan isn't
really applicable.  It *is* part of the scan, but only the last packet which
ignores the rest of the scan.


Thanks for the patch.


~Patrick


