[Snort-users] Portscan -> Tag ?

Sven Bolt sven_bolt at ...5678...
Tue Jun 10 14:29:18 EDT 2003

what I would like to do, is to log for one hour every packed, that a host
that beforehand portscanned me, sends. As for scans that rely on rules,
like "SCAN Proxy" etc. this would be fairly easy via tags. But what do I
do with scans only alerted by the preprocessors (xmas scan, stealth scan
etc.) ?
Anyone doing this already? 


Sven Bolt
  Sven Bolt
  sven_bolt at ...5678...

http://www.fastmail.fm - Same, same, but different

More information about the Snort-users mailing list