[Snort-users] how snort detect port scan
carlmarxf11 at ...5310...
Fri Jun 20 08:07:07 EDT 2003
I was wondering how snort detect port scan. Eg. Syn
scan, how does it know this is a port scan from the
valid active Syn connect? Is it by number of similar
scan over time, ie rate or there is some kind of state
it kept if it does not sees ack back after syn+ack, it
deemed it as a syn scan?
Do You Yahoo!?
Send free SMS from your PC!
More information about the Snort-users