[Snort-users] Flow-portscan configuration how-to

Guillaume Arcas guillaume.arcas at ...953...
Fri Apr 9 09:28:00 EDT 2004


I'd like to know how I have to set up the flow-portscan preprocessor to
detect "1 IP to many IPs" scans.
I also would like to know if threshold settings can be used in a rule to
detect the same kind of event. Seems not...


Guillaume Arcas

We must part. We are two children,
we have done something foolish. (Yvonne de Galais)
