No subject


Thu Nov 23 16:36:19 EST 2017


hosts on the same subnet) have scanned 150 hosts on our network, then
this would definitely warrant an abuse email.  Right now, each one of
these is created by hand, based on a cookie cutter form anyway.  When
you consider that we receive portscans at all hours of the day, and an
administrator is not necessarily available to fire off an email right at
night, it would be nice to provide an ISP with a timely notification so
that they can address the issue while the host is still active (in
theory).

Are you aware of a project like this?

-Matt





More information about the Snort-users mailing list