Snort mailing list archives
Re: How many ports is considered a portsweep/portscan?
From: Ryan Jordan <ryan.jordan () sourcefire com>
Date: Wed, 24 Mar 2010 10:53:59 -0400
He's complaining about the reply-to address set by the mailing list. On Wed, Mar 24, 2010 at 8:21 AM, Joel Esler <joel.esler () me com> wrote:
-- Joel Esler Sent from my iPhone On Mar 24, 2010, at 8:12 AM, Nerijus Krukauskas <nkrukauskas () gmail com> wrote:On 2010-03-19, Russ Combs <rcombs () sourcefire com> wrote:What version of Snort are you using? The latest version has event_filters that may do exactly what you want. Check out the README.filters for more.Mine is 2.8.4. Will move to 2.8.6 as soon as the OS upgrade will permit, which is not in my control... Damn, can somebody change the mailing list settings, so that reply goes to the mailing list?Gmail suppresses your reply. It's not a mailing list thing, it's a gmail thing.On Fri, Mar 19, 2010 at 2:43 AM, Nerijus Krukauskas <nkrukauskas () gmail com>wrote:Hi, On 2010-03-19, James Lay <jlay () slave-tothe-box net> wrote:I took a good solid read of the README for sfportscan, but at the end oftheday it seems that I¹m left with only a couple options of ignore_scanners, and ignore_scanned. Am I reading something wrong? These seem prettybinaryto me....unless there¹s a more granular level of control that I¹mmissing. You're not alone with this kind of feeling. I have it too. And I'm ignoring much of the portscan alerts, unless the statistical alert picture changes. -- http://nk99.org/ --- --- --- --- ------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users-- http://nk99.org/ --- --- --- --------------------------------------------------------------------- Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- How many ports is considered a portsweep/portscan? James Lay (Mar 18)
- Re: How many ports is considered a portsweep/portscan? Matt Olney (Mar 18)
- Re: How many ports is considered a portsweep/portscan? James Lay (Mar 18)
- Re: How many ports is considered a portsweep/portscan? Nerijus Krukauskas (Mar 18)
- Re: How many ports is considered a portsweep/portscan? Russ Combs (Mar 19)
- Re: How many ports is considered a portsweep/portscan? Nerijus Krukauskas (Mar 24)
- Re: How many ports is considered a portsweep/portscan? Joel Esler (Mar 24)
- Re: How many ports is considered a portsweep/portscan? Ryan Jordan (Mar 24)
- Re: How many ports is considered a portsweep/portscan? Joel Esler (Mar 24)
- Re: How many ports is considered a portsweep/portscan? Nerijus Krukauskas (Mar 24)
- Re: How many ports is considered a portsweep/portscan? James Lay (Mar 18)
- Re: How many ports is considered a portsweep/portscan? Matt Olney (Mar 18)