Snort mailing list archives

Previous By Date Next
Previous By Thread Next

False positives portscan2

From: bob gunzel <bob () bmcadvies com>
Date: Wed, 16 Apr 2003 10:19:01 +0200
I get many false positives from the portscan2 preprocessor (snort 2, IDS mode) 
of portscans to our gateways:
[**] [117:1:1] (spp_portscan2) Portscan detected from x.x.x.x: 1 targets 21 ports in 18 seconds [**] 
04/16-08:52:30.841873 x.x.x.x:80 -> 213.53.171.134:1393
TCP TTL:50 TOS:0x0 ID:64658 IpLen:20 DgmLen:44 DF
***A**S* Seq: 0x12B17C7F  Ack: 0x186F99  Win: 0x4470  TcpLen: 24
TCP Options (1) => MSS: 1460

Is there any way to filter them out?

Bob Gunzel



--



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: