Home page logo
/

snort logo Snort mailing list archives

port scan rule
From: Balla István <balla.bmf () gmail com>
Date: Thu, 9 May 2013 23:22:24 +0200

hey guys,

could you tell me which rule should I set to drop if I wanna block all port
scan?

from my snort.conf:

*preprocessor sfportscan: proto  { all } memcap { 10000000 } sense_level {
medium } detect_ack_scan*s

if i m right it only detects ack flags without 3w hs. my question is how to
configure it to detect all port scans and which rules to set to drop?
------------------------------------------------------------------------------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and 
their applications. This 200-page book is written by three acclaimed 
leaders in the field. The early access version is available now. 
Download your free book today! http://p.sf.net/sfu/neotech_d2d_may
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]