[Snort-users] How many ports is considered a portsweep/portscan?

Joel Esler joel.esler at ...14399...
Wed Mar 24 11:34:40 EDT 2010


Ah. That makes sense. Tip: reply to all?

--
Joel Esler
Sent from my iPhone

On Mar 24, 2010, at 10:53 AM, Ryan Jordan <ryan.jordan at ...1935...>  
wrote:

> He's complaining about the reply-to address set by the mailing list.
>
> On Wed, Mar 24, 2010 at 8:21 AM, Joel Esler <joel.esler at ...14399...> wrote:
>>
>>
>> --
>> Joel Esler
>> Sent from my iPhone
>>
>> On Mar 24, 2010, at 8:12 AM, Nerijus Krukauskas
>> <nkrukauskas at ...11827...> wrote:
>>
>>> On 2010-03-19, Russ Combs <rcombs at ...1935...> wrote:
>>>> What version of Snort are you using?  The latest version has
>>>> event_filters
>>>> that may do exactly what you want.  Check out the README.filters
>>>> for more.
>>>
>>> Mine is 2.8.4. Will move to 2.8.6 as soon as the OS upgrade will
>>> permit, which is not in my control...
>>>
>>> Damn, can somebody change the mailing list settings, so that reply
>>> goes to the mailing list?
>>
>> Gmail suppresses your reply. It's not a mailing list thing, it's a
>> gmail thing.
>>
>>
>>
>>>
>>>> On Fri, Mar 19, 2010 at 2:43 AM, Nerijus Krukauskas
>>>> <nkrukauskas at ...11827...>wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> On 2010-03-19, James Lay <jlay at ...13475...> wrote:
>>>>>> I took a good solid read of the README for sfportscan, but at the
>>>>>> end of
>>>>> the
>>>>>> day it seems that I¹m left with only a couple options of
>>>>>> ignore_scanners,
>>>>>> and ignore_scanned.  Am I reading something wrong?  These seem
>>>>>> pretty
>>>>> binary
>>>>>> to me....unless there¹s a more granular level of control t 
>>>>>> hat I¹m
>>>>> missing.
>>>>>
>>>>> You're not alone with this kind of feeling. I have it too. And I'm
>>>>> ignoring much of the portscan alerts, unless the statistical alert
>>>>> picture changes.
>>>>>
>>>>> --
>>>>> http://nk99.org/
>>>>>
>>>>>
>>>>> ---
>>>>> ---
>>>>> ---
>>>>> ---
>>>>> ------------------------------------------------------------------
>>>>> Download Intel® Parallel Studio Eval
>>>>> Try the new software tools for yourself. Speed compiling, find  
>>>>> bugs
>>>>> proactively, and fine-tune applications for parallel performance.
>>>>> See why Intel Parallel Studio got high marks during beta.
>>>>> http://p.sf.net/sfu/intel-sw-dev
>>>>> _______________________________________________
>>>>> Snort-users mailing list
>>>>> Snort-users at lists.sourceforge.net
>>>>> Go to this URL to change user options or unsubscribe:
>>>>> https://lists.sourceforge.net/lists/listinfo/snort-users
>>>>> Snort-users list archive:
>>>>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>>>>
>>>>
>>>
>>>
>>> --
>>> http://nk99.org/
>>>
>>> ---
>>> ---
>>> ---
>>> --- 
>>> ------------------------------------------------------------------
>>> Download Intel® Parallel Studio Eval
>>> Try the new software tools for yourself. Speed compiling, find bugs
>>> proactively, and fine-tune applications for parallel performance.
>>> See why Intel Parallel Studio got high marks during beta.
>>> http://p.sf.net/sfu/intel-sw-dev
>>> _______________________________________________
>>> Snort-users mailing list
>>> Snort-users at lists.sourceforge.net
>>> Go to this URL to change user options or unsubscribe:
>>> https://lists.sourceforge.net/lists/listinfo/snort-users
>>> Snort-users list archive:
>>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>
>> --- 
>> --- 
>> --- 
>> ---------------------------------------------------------------------
>> Download Intel® Parallel Studio Eval
>> Try the new software tools for yourself. Speed compiling, find bugs
>> proactively, and fine-tune applications for parallel performance.
>> See why Intel Parallel Studio got high marks during beta.
>> http://p.sf.net/sfu/intel-sw-dev
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://www.geocrawler.com/redir-sf.php3?list=snort-users




More information about the Snort-users mailing list