[Snort-users] Syn Scan

Jeremy Hewlett jh at ...1935...
Fri Mar 4 13:22:34 EST 2005


On Thu, Mar 03, Dominic wrote:
> Does Snort alert on SYN scans - I have tried all others and I see the
> alerts but nothing for a SYN scan?

I'm not sure what alerts you're getting, so I'm just making a guess
based on the differences between portscan and sfPortscan.

sfPortscan does not make any distinction between a SYN scan and a 3WHS
scan. Both are TCP scans, and as such are classified as either a
TCP Portsweep or TCP Portscan.





