[Snort-users] Portscan -> Tag ?

Sven Bolt sven_bolt at ...5678...
Tue Jun 10 14:29:18 EDT 2003


Hi,
what I would like to do is to log, for one hour, every packet that a host
that beforehand portscanned me sends. As for scans that rely on rules,
like "SCAN Proxy" etc., this would be fairly easy via tags. But what do I
do with scans only alerted by the preprocessors (xmas scan, stealth scan,
etc.)?
Anyone doing this already? 

Thanks

Sven Bolt
-- 
  Sven Bolt
  sven_bolt at ...5678...
