Snort mailing list archives
RE: Database Plugin - Alert vs. Log
From: Frank Knobbe <fknobbe () knobbeits com>
Date: 27 Nov 2002 18:34:24 -0600
On Wed, 2002-11-27 at 17:04, L. Christopher Luther wrote:
When o when will the portscan data be normalized so that it can cleanly be put into a database?! Sigh...
Why don't you write some Snort rules that detect portscans? Create rules that fire when unused IP's are accessed, and/or when used ports (on used IP's) are accessed. That way you have the scan in a normal format in the database. Frank
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- Database Plugin - Alert vs. Log L. Christopher Luther (Nov 27)
- Re: Database Plugin - Alert vs. Log Erek Adams (Nov 27)
- <Possible follow-ups>
- RE: Database Plugin - Alert vs. Log L. Christopher Luther (Nov 27)
- RE: Database Plugin - Alert vs. Log Frank Knobbe (Nov 27)
- RE: Database Plugin - Alert vs. Log L. Christopher Luther (Dec 02)
- RE: Database Plugin - Alert vs. Log Frank Knobbe (Dec 02)