[Snort-users] How many ports is considered a portsweep/portscan?
nkrukauskas at ...11827...
Fri Mar 19 02:43:37 EDT 2010
On 2010-03-19, James Lay <jlay at ...13475...> wrote:
> I took a good solid read of the README for sfportscan, but at the end of the
> day it seems that I¹m left with only a couple options of ignore_scanners,
> and ignore_scanned. Am I reading something wrong? These seem pretty binary
> to me....unless there¹s a more granular level of control that I¹m missing.
You're not alone with this kind of feeling. I have it too. And I'm
ignoring much of the portscan alerts, unless the statistical alert
More information about the Snort-users