[Snort-devel] Additional feature in sfportscan preprocessor
spoppi at ...224...
Sat Apr 23 06:19:21 EDT 2005
Please find attached a patch for the sfportscan prerocessor which
1) adds a list of ports and ip addresses within the defined portscan
window instead of having only the range of ports/ips which might be
useful for other output plugins (like my spo_idmef ;)
2) adds various additional checks in portscan.c which seem to be omitted.
Item 1 is supposed to be a configure option --enable-ps-lists like
[ --enable-ps-list Create a list of ip addresses and ports in
[ if test "$enable_ps_list" = "yes"; then
I'd appreciate feedback about that addition if someone finds it useful
and if it'll be included in a future snort version.
"Linux is like a wigwam: no windows, no gates ... apache inside!"
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 3147 bytes
Desc: not available
More information about the Snort-devel