Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Rule to detect NMAP FIN Stealth Scan

From: Joe Magueta <joe () pcwe ca>
Date: Mon, 10 Jul 2017 17:18:00 +0000
Hi all.

I'm new to SNORT and have received information from my ISP that they are blocking my connection because there is an 
"NMAP FIN Stealth Scan" happening from my network. Is there a rule that exists already to detect this? If not can 
anyone help me setup a rule on SNORT to detect the scan and the device/s performing it?
Any help is appreciated.

Thank you.

Joe



_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

http://www.snort.org

Please visit http://blog.snort.org for the latest news about Snort!

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a 
href=" https://snort.org/downloads/#rule-downloads";>emerging threats</a>!
Previous By Date Next
Previous By Thread Next

Current thread: