Re: [Snort-users] spp_portscan2??

This is a discussion on Re: [Snort-users] spp_portscan2?? within the Snort forums, part of the System Security and Security Related category; portscan2 is snort's next generation portscan detection preprocessor. It allows you to configure configure the max number of hosts ...


Go Back   Usenet Forums > System Security and Security Related > Snort

Reload this Page Re: [Snort-users] spp_portscan2??

FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply

 

LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 09-29-2003
Bill Terwilliger
 
Posts: n/a
Default Re: [Snort-users] spp_portscan2??
portscan2 is snort's next generation portscan detection preprocessor.
It allows you to configure configure the max number of hosts and/or
ports that a portscanner can hit before it is alerted on. The
parameters are:

scanners_max - max number of potential portscanners that snort will
track in the tree
targets_max - max number of different targets that snort will track (I
think that this is per portscanner, but I forget)
target_limit - max targets a portscanner can hit before an alert is sent
port_limit - max ports that a portscanner can hit before an alert is
sent - the port count is a sum of the ports from all hosts (very cool)
timeout - the portscanner's inactivity timeout - portscanner's will be
removed from the tree if this value is hit
log - portscan2 has its own log

Here are the default values:
#define DEFAULT_MAX_SCANNER 1000
#define DEFAULT_TARGET_COUNT 1000
#define DEFAULT_TARGET_LIMIT 5
#define DEFAULT_PORT_LIMIT 20
#define DEFAULT_TIMEOUT 60

--bill On Saturday, September 27, 2003, at 02:05 PM, sauron wrote:

> what is spp_portscan2? i get a lot from my pc to other pc's and i
> didn't make
> any scan.
> thx
>
>
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
> _______________________________________________
> Snort-users mailing list
> Snort-users@lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/...fo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.p...st=snort-users




-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/...fo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.p...st=snort-users
Reply With Quote
Reply
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT +1. The time now is 02:58 AM.

Contact Us - Usenet Forums - Archive - Top

Powered by vBulletin® Version 3.7.3
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.0.0