[Snort-users] preprocessor flow-portscan

Chris Green cmg at ...671...
Fri Jan 30 08:45:14 EST 2004


Kevin Amorin <kevmcs11 at ...131...> writes:

>              alert-mode all \
>              output-mode msg
>
> This config will generate an alert but will not alert
> twice with the same host.

That's probably a bug with not throwing away the portscan tracker
after generating an alert if that's what you want.
-- 
Chris Green <cmg at ...1121...>
"Yeah, but you're taking the universe out of context."





More information about the Snort-users mailing list