Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Flow-portscan configuration how-to

From: "Guillaume Arcas" <guillaume.arcas () free fr>
Date: Fri, 9 Apr 2004 18:26:44 +0200 (CEST)
Hi.

I'd like to know how I have to set up the flow-portscan preprocessor to
detect   "1 IP to many IPs" scans.
I also would like to know if threshold settings can be used in a rule to
detect the same kind of event. Seems not...

Regards,


-- 
Guillaume Arcas

--------------------------------------------------
Il faut nous quitter. Nous sommes deux enfants,
nous avons fait une folie. (Yvonne de Galais)


-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id70&alloc_id638&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: