[Snort-users] Flow-portscan oddity

Guillaume Arcas guillaume.arcas at ...953...
Tue Apr 13 08:40:12 EDT 2004


Martin Roesch a dit :
> Check out README.flow-portscan in the doc directory of your snort
> distro.

Marty,

I read it, printed it out and still find it not so clear...
With the values given as example,  I do not catch any scan, and when I do,
scanners are shown as talkers...
I can go on playing with these values until I find some empiric good
parameters, but if there is a more detailed document about how to catch
scan activites using flow-portscan plugin, I take it ! :-)

Regards,

-- 
Guillaume Arcas

--------------------------------------------------
Il faut nous quitter. Nous sommes deux enfants,
nous avons fait une folie. (Yvonne de Galais)




More information about the Snort-users mailing list