[Snort-users] Flow-portscan configuration how-to

Guillaume Arcas guillaume.arcas at ...953...
Fri Apr 9 09:28:00 EDT 2004


Hi.

I'd like to know how I have to set up the flow-portscan preprocessor to
detect "1 IP to many IPs" scans.
I also would like to know if threshold settings can be used in a rule to
detect the same kind of event. Seems not...

Regards,


-- 
Guillaume Arcas

--------------------------------------------------
We must part. We are two children,
we have done something foolish. (Yvonne de Galais)



