[Snort-users] Port scans behind Firewall?

Paul Melson pmelson at ...11827...
Wed Jun 15 08:37:16 EDT 2005


These aren't inbound scans, they're normal outbound traffic being
misinterpreted by the portscan2 preprocessor.  You should upgrade to Snort
2.3 and move from the portscan2 preprocessor to the flow & flow-portscan
preprocessors.  This will fix your problem with false-positive alerts for


-----Original Message-----
Subject: [Snort-users] Port scans behind Firewall?

06/13-15:29:43.021986  [**] [117:1:1] (spp_portscan2) Portscan detected from 1 targets 21 ports in 1 seconds [**] {TCP} -> 06/13-15:30:54.461331  [**]

More information about the Snort-users mailing list