[Snort-sigs] Rule to detect NMAP FIN Stealth Scan

Joe Magueta joe at pcwe.ca
Mon Jul 10 13:18:00 EDT 2017


Hi all.

I'm new to SNORT and have received information from my ISP that they are blocking my connection because there is an "NMAP FIN Stealth Scan" happening from my network. Is there a rule that exists already to detect this? If not, can anyone help me set up a rule on SNORT to detect the scan and the device/s performing it?
Any help is appreciated.

Thank you.

Joe

