Home page logo

snort logo Snort mailing list archives

port scan rule
From: Balla István <balla.bmf () gmail com>
Date: Thu, 9 May 2013 23:22:24 +0200

hey guys,

could you tell me which rule should I set to drop if I wanna block all port

from my snort.conf:

*preprocessor sfportscan: proto  { all } memcap { 10000000 } sense_level {
medium } detect_ack_scan*s

if i m right it only detects ack flags without 3w hs. my question is how to
configure it to detect all port scans and which rules to set to drop?
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and 
their applications. This 200-page book is written by three acclaimed 
leaders in the field. The early access version is available now. 
Download your free book today! http://p.sf.net/sfu/neotech_d2d_may
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

Please visit http://blog.snort.org to stay current on all the latest Snort news!

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]