Snort mailing list archives

RE: Database Plugin - Alert vs. Log


From: Frank Knobbe <fknobbe () knobbeits com>
Date: 27 Nov 2002 18:34:24 -0600

On Wed, 2002-11-27 at 17:04, L. Christopher Luther wrote:
> When o when will the portscan data be normalized so that it can
> cleanly be put into a database?!  Sigh...

Why don't you write some Snort rules that detect portscans? Create rules
that fire when unused IPs are accessed, and/or when used ports (on used
IPs) are accessed. That way you have the scan in a normal format in the
database.

Frank
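
A sketch of the kind of rules suggested in the message above, as an added example that is not part of the original post. All addresses, the sid values, the database parameters and the choice of watched port are constructed assumptions; the syntax is that of Snort 2.x builds that still ship the database output plugin.

```snort
# --- snort.conf fragment (constructed example values) ---

# Addresses from the RFC 5737 documentation range; replace with the local network.
var HOME_NET 192.0.2.0/24
var EXTERNAL_NET !$HOME_NET

# Assumption: these HOME_NET addresses are not assigned to any host.
var UNUSED_IPS [192.0.2.200/32,192.0.2.201/32,192.0.2.202/32]

# Assumption: 192.0.2.10 is a live web server that offers only TCP 80.
var WEB_SERVER 192.0.2.10/32

# Send rule alerts to the database plugin so they are stored in the
# normal event schema (placeholder credentials).
output database: alert, mysql, user=snort password=CHANGEME dbname=snort host=localhost

# --- local.rules ---

# Any IP packet addressed to an unassigned address. Legitimate traffic
# has no reason to go there, so a sweep shows up as one event per probe
# with source, destination and timestamp in ordinary alert form.
alert ip $EXTERNAL_NET any -> $UNUSED_IPS any (msg:"LOCAL traffic to unused IP address"; classtype:network-scan; sid:1000001; rev:1;)

# TCP SYN to the live server on any port other than the one it offers.
# This catches a scan that walks the ports of a single known host.
alert tcp $EXTERNAL_NET any -> $WEB_SERVER !80 (msg:"LOCAL SYN to port not offered by web server"; flags:S; classtype:network-scan; sid:1000002; rev:1;)
```

Each probe produces its own event, so a wide sweep can generate many rows; grouping by source address in the database query gives the per-scanner view.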
