Network Security: Detailed info on Re: [Snort-users] portscan preprocessor and external net

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Snort-Users

[Top] [All Lists]

Re: [Snort-users] portscan preprocessor and external net

from [marco turr] Network Security

[Permanent Link]

Subject:	Re: [Snort-users] portscan preprocessor and external net
Date:	Tue, 29 Nov 2005 19:23:47 +0100 (CET)



Matt Kettler <mkettler@evi-inc.com> ha scritto:
 Generally speaking, you want to do the opposite. You want to ignore your 
subnet,
and no others.


 We need to detect only home hosts that make portscan to any (compromised 
hosts) because we have a lot of scanning from external.
 Now, i must subnet all internet address? There is no way to make a !$HOME_NET 
without writing ALL internet address?


                
---------------------------------
Yahoo! Messenger: chiamate gratuite in tutto il mondo

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[Snort-users] portscan preprocessor and external net, marco turr Re: [Snort-users] portscan preprocessor and external net, Jason Brvenik Re: [Snort-users] portscan preprocessor and external net, marco turr Re: [Snort-users] portscan preprocessor and external net, Matt Kettler Re: [Snort-users] portscan preprocessor and external net, marco turr <=

Previous by Date:	Re: [Snort-users] portscan preprocessor and external net, Matt Kettler
Next by Date:	Re: [Snort-users] Libnet v1.1 vs libnet v1.0.2a, Jeff Nathan
Previous by Thread:	Re: [Snort-users] portscan preprocessor and external net, Matt Kettler
Next by Thread:	[Snort-users] Any issues with dup packets on snort?, Jason Haar
Indexes:	[Date] [Thread] [Top] [All Lists]