[Snort-users] Separating real portscans from false-positives

Arndt, Timo timo.arndt at ...6725...
Thu Sep 14 03:54:10 EDT 2006


Hello,

Can anyone recommend a guide or give me some hints about separating
real portscans from false-positives?
I get 1000s of portscan alerts, decoy portscan alerts and distributed
portscan alerts every day, making it impossible to see what's real or not.

Cheers,
Timo



