Snort mailing list archives
portscan2 vs portscan
From: "Fred McFeeters" <nfolink () hotmail com>
Date: Thu, 22 Jan 2004 17:56:07 -0600
Do I need to use both? Thanks to this list I was able to stop false positives from portscan2 by using portscan2-ignoreports-to 80, but I'm still getting a lot of false positives from portscan. When I look at the logs and packet, I only see a source address; it lists the destination address as unknown with no source or destination ports.

Thanks,
Fred McFeeters

P.S. Sorry for the newbie questions.