Snort mailing list archives
Re: help: how to block the_scan when use snort3.0 for port scan detecting ?
From: Russ via Snort-users <snort-users () lists snort org>
Date: Mon, 11 Feb 2019 09:33:04 -0500
Set alert_all = true and change your rule actions from alert to block: $ snort --help-config port_scan | grep alert_allbool port_scan.alert_all = false: alert on all events over threshold within window if true; else alert on first only
On 2/11/19 2:19 AM, sofardware via Snort-users wrote:
Hi all,I found the following words in snort3 user manual,but the manual does not say how to config the snort3 to realize blocking the scan? Who can tell me how ?Thank you very much.16.2 Features Improved over Snort 2 port_scan can block scans (Snort 2 can only detect scans) _______________________________________________ Snort-users mailing list Snort-users () lists snort org Go to this URL to change user options or unsubscribe: https://lists.snort.org/mailman/listinfo/snort-users To unsubscribe, send an email to: snort-users-leave () lists snort org Please visit http://blog.snort.org to stay current on all the latest Snort news! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
_______________________________________________ Snort-users mailing list Snort-users () lists snort org Go to this URL to change user options or unsubscribe: https://lists.snort.org/mailman/listinfo/snort-users To unsubscribe, send an email to: snort-users-leave () lists snort org Please visit http://blog.snort.org to stay current on all the latest Snort news! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
Current thread:
- help: how to block the_scan when use snort3.0 for port scan detecting ? sofardware via Snort-users (Feb 10)
- Re: help: how to block the_scan when use snort3.0 for port scan detecting ? Russ via Snort-users (Feb 11)
- Re: help: how to block the_scan when use snort3.0 for port scan detecting ? sofardware via Snort-users (Feb 12)
- help/Re:Re: help: how to block the_scan when use snort3.0 for port scan detecting ? sofardware via Snort-users (Feb 13)
- Re: help/Re:Re: help: how to block the_scan when use snort3.0 for port scan detecting ? Russ via Snort-users (Feb 15)
- Re: help: how to block the_scan when use snort3.0 for port scan detecting ? Russ via Snort-users (Feb 11)