Snort mailing list archives

Re: help: how to block the_scan when use snort3.0 for port scan detecting ?


From: Russ via Snort-users <snort-users () lists snort org>
Date: Mon, 11 Feb 2019 09:33:04 -0500

Set alert_all = true and change your rule actions from alert to block:

$ snort --help-config port_scan | grep alert_all
bool port_scan.alert_all = false: alert on all events over threshold within window if true; else alert on first only

On 2/11/19 2:19 AM, sofardware via Snort-users wrote:
      Hi all,
      I found the following words in the snort3 user manual, but the manual does not say how to configure snort3 to block the scan. Who can tell me how? Thank you very much.
      16.2 Features Improved over Snort 2
              port_scan can block scans (Snort 2 can only detect scans)



_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

        To unsubscribe, send an email to:
        snort-users-leave () lists snort org

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
