[Snort-users] How many ports is considered a portsweep/portscan?

Joel Esler joel.esler at ...14399...
Wed Mar 24 08:21:51 EDT 2010



--
Joel Esler
Sent from my iPhone

On Mar 24, 2010, at 8:12 AM, Nerijus Krukauskas  
<nkrukauskas at ...11827...> wrote:

> On 2010-03-19, Russ Combs <rcombs at ...1935...> wrote:
>> What version of Snort are you using?  The latest version has event_filters
>> that may do exactly what you want.  Check out the README.filters for more.
>
> Mine is 2.8.4. Will move to 2.8.6 as soon as the OS upgrade
> permits, which is not in my control...
>
> Damn, can somebody change the mailing list settings, so that reply
> goes to the mailing list?

Gmail suppresses your reply. It's not a mailing list thing, it's a
Gmail thing.



>
>> On Fri, Mar 19, 2010 at 2:43 AM, Nerijus Krukauskas
>> <nkrukauskas at ...11827...> wrote:
>>
>>> Hi,
>>>
>>> On 2010-03-19, James Lay <jlay at ...13475...> wrote:
>>>> I took a good solid read of the README for sfportscan, but at the end of the
>>>> day it seems that I'm left with only a couple options of ignore_scanners,
>>>> and ignore_scanned.  Am I reading something wrong?  These seem pretty binary
>>>> to me....unless there's a more granular level of control that I'm missing.
>>>
>>> You're not alone with this kind of feeling. I have it too. And I'm
>>> ignoring much of the portscan alerts, unless the statistical alert
>>> picture changes.
>>>
>>> --
>>> http://nk99.org/
>>>
>>>
>>> _______________________________________________
>>> Snort-users mailing list
>>> Snort-users at lists.sourceforge.net
>>> Go to this URL to change user options or unsubscribe:
>>> https://lists.sourceforge.net/lists/listinfo/snort-users
>>> Snort-users list archive:
>>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>>
>>
>
>
> -- 
> http://nk99.org/
>



