[Snort-users] Another question
athomas at ...3539...
Sat May 11 20:47:02 EDT 2002
The numbers are sort of IDs for the alert generator.
The numbers are defined as:
#define GENERATOR_SPP_PORTSCAN 100
#define PORTSCAN_SCAN_DETECT 1
100 -> sig_generator
1 -> sig_id
1 -> sig_rev
Hope that helps...
On Sun, 12 May 2002, Tommy Tsilalis wrote:
> This is another Snort output.
> [**] [100:1:1] spp_portscan: PORTSCAN DETECTED from 192.168.0.2 (THRESHOLD 4
> connections exceeded in 0 seconds) [**]
> I suppose that spp_portscan is the Snort function which identifies or checks
> for portscans.
> What does the following mean?
> Thanks again.
> Thomas Tsilalis
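An added example, not part of the original thread and not Snort's own code: a small parser that splits the [generator:sig_id:sig_rev] triple out of alert headers like the one quoted above and resolves it against the two #define values given in the reply. The lookup tables, function names and the second sample header are assumptions made for the illustration.

```python
import re
from collections import namedtuple

# Only the two values quoted in the reply above; any other generator or
# signature ID resolves to None rather than a guessed name.
GENERATORS = {100: "GENERATOR_SPP_PORTSCAN"}
SIGNATURES = {(100, 1): "PORTSCAN_SCAN_DETECT"}

ALERT_RE = re.compile(r"\[\*\*\]\s*\[(\d+):(\d+):(\d+)\]\s*(.*?)\s*\[\*\*\]", re.S)
PORTSCAN_RE = re.compile(
    r"PORTSCAN DETECTED from (\S+) \(THRESHOLD (\d+) connections exceeded in (\d+) seconds\)")

Alert = namedtuple("Alert", "gid sid rev msg generator signature")

def unquote(text):
    """Strip mail quoting ('> ') and rejoin a header the mailer wrapped."""
    lines = [re.sub(r"^(>\s?)+", "", ln).strip() for ln in text.splitlines()]
    return " ".join(ln for ln in lines if ln)

def parse_alerts(text):
    """Return one Alert per '[**] [gid:sid:rev] msg [**]' header in text."""
    out = []
    for m in ALERT_RE.finditer(unquote(text)):
        gid, sid, rev = (int(x) for x in m.group(1, 2, 3))
        out.append(Alert(gid, sid, rev, m.group(4),
                         GENERATORS.get(gid), SIGNATURES.get((gid, sid))))
    return out

def portscan_details(alert):
    """For generator 100 / sig_id 1, pull source, threshold and window from msg."""
    if (alert.gid, alert.sid) != (100, 1):
        return None
    m = PORTSCAN_RE.search(alert.msg)
    return m and {"src": m.group(1), "threshold": int(m.group(2)),
                  "seconds": int(m.group(3))}

# The alert from the quoted message, wrapped and '>'-quoted as in the mail,
# plus one constructed header whose IDs are not in the tables above.
SAMPLE = """> [**] [100:1:1] spp_portscan: PORTSCAN DETECTED from 192.168.0.2 (THRESHOLD 4
> connections exceeded in 0 seconds) [**]
[**] [1:9999999:1] constructed example alert [**]
"""

if __name__ == "__main__":
    for a in parse_alerts(SAMPLE):
        print(a, portscan_details(a))
```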