[Snort-sigs] question about rule detect nmap scan

Vuong D. Chieu vdchieu at ...3828...
Fri Jul 25 04:18:22 EDT 2014

Can you help me test a rule to detect an nmap scan?
This is my rule, but it is not working:

alert tcp any any -> any any (sid:1000005; gid:1; flow:stateless; ack:0; flags:S; ttl:>220; priority:1; msg:"nmap scan"; classtype:network-scan; rev:1; )

Vuong Dinh Chieu (Mr.)
Vietnam Computer Emergency Response Team (VNCERT)
Ministry of Information and Communications (MIC)
Add: 18 Nguyen Du, Hanoi       Website: http://www.vncert.gov.vn
Tel: +84-4-3640-4424                Mobile: +84-97 993 1293
