[Snort-sigs] Rule to detect NMAP FIN Stealth Scan
joe at pcwe.ca
Mon Jul 10 13:18:00 EDT 2017
I'm new to SNORT and have received information from my ISP that they are blocking my connection because there is an "NMAP FIN Stealth Scan" happening from my network. Is there a rule that exists already to detect this? If not can anyone help me setup a rule on SNORT to detect the scan and the device/s performing it?
Any help is appreciated.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-sigs