[Snort-users] sfPortscan - false positive

Y M snort at ...15979...
Sun Feb 21 09:19:33 EST 2016


I believe they refer to the data generated by the preprocessor. Review the distribution of the data points mentioned. I am not on a computer to verify.

YM

Sent from Mobile




On Sun, Feb 21, 2016 at 3:20 AM -0800, "Izik Birka" <Izik.Birka at ...17456...> wrote:

Hi
I'm trying to tune PortScan false positives. I found this explanation on the Snort site:

Make use of the Priority Count, Connection Count, IP Count, Port Count, IP range, and Port range to determine false positives.

But I didn't understand where I can change those values.

Who knows?

Thanks
Izik Birka
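
The counts named in the thread are fields the preprocessor writes into each sfPortscan alert, so tuning starts with reading them. The following is an added example, not part of the original thread or of Snort itself: it parses one alert entry and computes ratios between the counts. The log layout is assumed to follow the Snort 2.x sfPortscan logfile output, the sample entry is constructed, and the `triage` thresholds are hypothetical.

```python
import re

# Constructed sample entry; layout assumed to follow the sfPortscan
# logfile output of Snort 2.x. Addresses and counts are made up.
SAMPLE = """\
Time: 02/21-09:19:33.000000
event_id: 2
192.0.2.10 -> 192.0.2.20 (portscan) TCP Filtered Portscan
Priority Count: 0
Connection Count: 200
IP Count: 2
Scanner IP Range: 192.0.2.10:192.0.2.11
Port/Proto Count: 200
Port/Proto Range: 20:47557
"""

HEADER = re.compile(r"^(\S+) -> (\S+) \(portscan\) (.+)$")
FIELD = re.compile(r"^([A-Za-z_/ ]+?):\s*(\S+)\s*$")

def parse_entry(text):
    """Return one sfPortscan log entry as a dict with normalised keys."""
    entry = {}
    for line in map(str.strip, text.splitlines()):
        if m := HEADER.match(line):
            entry["src"], entry["dst"], entry["alert"] = m.groups()
        elif m := FIELD.match(line):
            key = m.group(1).lower().replace("port/proto", "port").replace(" ", "_")
            value = m.group(2)
            entry[key] = int(value) if value.isdigit() else value
    return entry

def ratios(entry):
    """Ratios between the counts; None when a field is missing or zero."""
    def div(a, b):
        return entry[a] / entry[b] if a in entry and entry.get(b) else None
    return {
        "conn_per_ip": div("connection_count", "ip_count"),
        "port_per_ip": div("port_count", "ip_count"),
        "conn_per_port": div("connection_count", "port_count"),
    }

def triage(entry, min_conn_per_ip=10, max_conn_per_port=2):
    """Hypothetical thresholds: a portscan shows many connections per IP,
    each to a different port; anything else is flagged for review."""
    r = ratios(entry)
    if None in r.values():
        return "incomplete"
    if r["conn_per_ip"] >= min_conn_per_ip and r["conn_per_port"] <= max_conn_per_port:
        return "consistent with portscan"
    return "review as possible false positive"
```
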
