[Snort-users] conversation/portscan oddity

Kreimendahl, Chad J Chad.Kreimendahl at ...4716...
Fri Sep 5 14:03:08 EDT 2003


If conversation is set to only allow protocol 1 (or 6 or 17), would
portscan2 be allowed to generate portscan alerts for the protocols not
allowed?

I tested this theory today with allowed protocols 6 17 and was still
able to get portscan2 to kick off alerts when doing pingscans (1 -
ICMP).  Is conversation broken? Does portscan2 even use conversation? 



