[Snort-users] How many ports is considered a portsweep/portscan?

Ryan Jordan ryan.jordan at ...1935...
Wed Mar 24 10:53:59 EDT 2010


He's complaining about the reply-to address set by the mailing list.

On Wed, Mar 24, 2010 at 8:21 AM, Joel Esler <joel.esler at ...14399...> wrote:
>
>
> --
> Joel Esler
> Sent from my iPhone
>
> On Mar 24, 2010, at 8:12 AM, Nerijus Krukauskas
> <nkrukauskas at ...11827...> wrote:
>
>> On 2010-03-19, Russ Combs <rcombs at ...1935...> wrote:
>>> What version of Snort are you using?  The latest version has
>>> event_filters
>>> that may do exactly what you want.  Check out the README.filters
>>> for more.
>>
>> Mine is 2.8.4. Will move to 2.8.6 as soon as the OS upgrade will
>> permit, which is not in my control...
>>
>> Damn, can somebody change the mailing list settings, so that reply
>> goes to the mailing list?
>
> Gmail suppresses your reply. It's not a mailing list thing, it's a
> gmail thing.
>
>
>
>>
>>> On Fri, Mar 19, 2010 at 2:43 AM, Nerijus Krukauskas
>>> <nkrukauskas at ...11827...>wrote:
>>>
>>>> Hi,
>>>>
>>>> On 2010-03-19, James Lay <jlay at ...13475...> wrote:
>>>>> I took a good solid read of the README for sfportscan, but at the
>>>>> end of
>>>> the
>>>>> day it seems that I¹m left with only a couple options of
>>>>> ignore_scanners,
>>>>> and ignore_scanned.  Am I reading something wrong?  These seem
>>>>> pretty
>>>> binary
>>>>> to me....unless there¹s a more granular level of control that I¹m
>>>> missing.
>>>>
>>>> You're not alone with this kind of feeling. I have it too. And I'm
>>>> ignoring much of the portscan alerts, unless the statistical alert
>>>> picture changes.
>>>>
>>>> --
>>>> http://nk99.org/
>>>>
>>>>
>>>> ---
>>>> ---
>>>> ---
>>>> ---
>>>> ------------------------------------------------------------------
>>>> Download Intel® Parallel Studio Eval
>>>> Try the new software tools for yourself. Speed compiling, find bugs
>>>> proactively, and fine-tune applications for parallel performance.
>>>> See why Intel Parallel Studio got high marks during beta.
>>>> http://p.sf.net/sfu/intel-sw-dev
>>>> _______________________________________________
>>>> Snort-users mailing list
>>>> Snort-users at lists.sourceforge.net
>>>> Go to this URL to change user options or unsubscribe:
>>>> https://lists.sourceforge.net/lists/listinfo/snort-users
>>>> Snort-users list archive:
>>>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>>>
>>>
>>
>>
>> --
>> http://nk99.org/
>>
>> ---
>> ---
>> ---
>> ---------------------------------------------------------------------
>> Download Intel® Parallel Studio Eval
>> Try the new software tools for yourself. Speed compiling, find bugs
>> proactively, and fine-tune applications for parallel performance.
>> See why Intel Parallel Studio got high marks during beta.
>> http://p.sf.net/sfu/intel-sw-dev
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> ------------------------------------------------------------------------------
> Download Intel® Parallel Studio Eval
> Try the new software tools for yourself. Speed compiling, find bugs
> proactively, and fine-tune applications for parallel performance.
> See why Intel Parallel Studio got high marks during beta.
> http://p.sf.net/sfu/intel-sw-dev
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users




More information about the Snort-users mailing list