|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: [snort] PSH|ACK|RST (FW: spp_portscan.c.diff)
From: John Wilson (tug
wilson.co.uk)Date: Thu Mar 16 2000 - 14:59:21 CST
- Next message: Andrew R. Baker: "Re: [snort] Snort 1.6 Release Candidate 1"
- Previous message: John Wilson: "Re: [snort] PSH|ACK|RST (FW: spp_portscan.c.diff)"
- In reply to: Martin Roesch: "Re: [snort] PSH|ACK|RST (FW: spp_portscan.c.diff)"
- Next in thread: Mike Caughran: "Re: [snort] PSH|ACK|RST (FW: spp_portscan.c.diff)"
- Reply: John Wilson: "Re: [snort] PSH|ACK|RST (FW: spp_portscan.c.diff)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
----- Original Message -----
From: Martin Roesch <roeschhiverworld.com>
To: <snortbofh.kyrnet.kg>
Sent: 16 March 2000 19:37
Subject: Re: [snort] PSH|ACK|RST (FW: spp_portscan.c.diff)
> Well, you could log them straight out to disk and then concatenate that
> to the log file, but that would suck... :)
Yes, but you could postprocess the file and discard the false alarms which
would be intelligent ;))
John Wilson
The Wilson Partnership
5 Market Hill, Whitchurch, Aylesbury, Bucks HP22 4JB, UK
+44 1296 641072, +44 976 611010(mobile), +44 1296 641874(fax)
Mailto: tugwilson.co.uk
- Next message: Andrew R. Baker: "Re: [snort] Snort 1.6 Release Candidate 1"
- Previous message: John Wilson: "Re: [snort] PSH|ACK|RST (FW: spp_portscan.c.diff)"
- In reply to: Martin Roesch: "Re: [snort] PSH|ACK|RST (FW: spp_portscan.c.diff)"
- Next in thread: Mike Caughran: "Re: [snort] PSH|ACK|RST (FW: spp_portscan.c.diff)"
- Reply: John Wilson: "Re: [snort] PSH|ACK|RST (FW: spp_portscan.c.diff)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]