Snort mailing list archives
Re: port scan rule
From: ARUN PUSHKAR <arunpushkar () gmail com>
Date: Mon, 13 May 2013 20:38:18 +0530
Kswkkygyfufhhhghjgnsaae3627577669*49-). J0.

On May 10, 2013 2:57 AM, "Balla István" <balla.bmf () gmail com> wrote:

add. info: this nmap command grabbed the following:

nmap -p 1-443 -T4 -Pn -v 10.10.10.2
PORT STATE SERVICE
22/tcp open ssh
135/tcp open msrpc

2013/5/9 Balla István <balla.bmf () gmail com>

hey guys,

could you tell me which rule should I set to drop if I wanna block all port scan?

from my snort.conf:

preprocessor sfportscan: proto { all } memcap { 10000000 } sense_level { medium } detect_ack_scans

if I'm right it only detects ack flags without 3w hs.

my question is how to configure it to detect all port scans and which rules to set to drop?

------------------------------------------------------------------------------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their applications. This 200-page book is written by three acclaimed leaders in the field. The early access version is available now.
Download your free book today! http://p.sf.net/sfu/neotech_d2d_may
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- port scan rule Balla István (May 09)
- Re: port scan rule Balla István (May 09)
- Re: port scan rule ARUN PUSHKAR (May 13)
- Re: port scan rule Jason (May 09)
- Re: port scan rule Balla István (May 09)