[Snort-users] About distributed portscans

Mamata Desai mamata at ...3829...
Tue Oct 16 03:24:13 EDT 2001


Hello all,

I am a graduate student and as part of my final project, was thinking of
implementing a distributed portscan detector. I believe snort portscan
detector detects one->one and one->many portscans, and there is work
going on to build the many->one and the many->many modules. 

I would like to work on something like that. Could anybody provide me
with some guidance/suggestions as to how I should proceed ? I wud like
to know what are the 'to do's in this area, so that I can focus my work
efforts and help contribute in some way.

-- 
Mamata Desai
Final year, M.Tech, CSE Department, IIT Bombay
http://www.cse.iitb.ac.in/~mamata




More information about the Snort-users mailing list