[Snort-users] conversation/portscan oddity
Kreimendahl, Chad J
Chad.Kreimendahl at ...4716...
Fri Sep 5 14:03:08 EDT 2003
If conversation is set to only allow protocol 1 (or 6 or 17), would
portscan2 be allowed to generate portscan alerts for the protocols not
I tested this theory today with allowed protocols 6 17 and was still
able to get portscan2 to kick off alerts when doing pingscans (1 -
ICMP). Is conversation broken? Does portscan2 even use conversation?
More information about the Snort-users