OSEC

 
From: Ashley Thomas (athomasunity.ncsu.edu)
Date: Sat May 11 2002 - 22:46:21 CDT


    The numbers are sort of IDs for the alert generator.

    The numbers are defined as:
    #define GENERATOR_SPP_PORTSCAN 100
    #define PORTSCAN_SCAN_DETECT 1

    100 -> sig_generator
    1 -> sig_id
    1 -> sig_rev

    hope that helps...

    -ashley

    On Sun, 12 May 2002, Tommy Tsilalis wrote:

    > This is another Snort output.
    >
    > [**] [100:1:1] spp_portscan: PORTSCAN DETECTED from 192.168.0.2 (THRESHOLD 4
    > connections exceeded in 0 seconds) [**]
    >
    > I suppose that spp_portscan is the Snort function which identifies or checks
    > for portscans.
    > What does the following mean?
    > [100:1:1]
    >
    > Thanks again.
    >
    >
    > Thomas Tsilalis
    >
    >
    > _______________________________________________________________
    >
    > Have big pipes? SourceForge.net is looking for download mirrors. We supply
    > the hardware. You get the recognition. Email Us: bandwidthsourceforge.net
    > _______________________________________________
    > Snort-users mailing list
    > Snort-userslists.sourceforge.net
    > Go to this URL to change user options or unsubscribe:
    > https://lists.sourceforge.net/lists/listinfo/snort-users
    > Snort-users list archive:
    > http://www.geocrawler.com/redir-sf.php3?list=snort-users
    >

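The `[sig_generator:sig_id:sig_rev]` layout explained in the reply above can be split out of alert text programmatically. The following is an added example, not part of the original thread or of Snort itself; the names `parse_alerts` and `portscan_sources` are hypothetical, and only the first sample alert comes from the question (the other two are constructed).

```python
import re
from collections import Counter
from typing import List, NamedTuple, Optional

# Ids quoted in the reply above (Snort #defines).
GENERATOR_SPP_PORTSCAN = 100
PORTSCAN_SCAN_DETECT = 1

# Alert header: [**] [sig_generator:sig_id:sig_rev] message [**]
ALERT_RE = re.compile(r"\[\*\*\]\s*\[(\d+):(\d+):(\d+)\]\s*(.*?)\s*\[\*\*\]", re.S)
# Message text of the portscan alert shown in the question.
SCAN_RE = re.compile(r"PORTSCAN DETECTED from (\S+) \(THRESHOLD (\d+) connections")

class Alert(NamedTuple):
    generator: int
    sig_id: int
    sig_rev: int
    message: str
    scan_source: Optional[str]  # set only for spp_portscan scan-detect alerts

def parse_alerts(text: str) -> List[Alert]:
    alerts = []
    for gid, sid, rev, msg in ALERT_RE.findall(text):
        gid, sid, rev = int(gid), int(sid), int(rev)
        msg = " ".join(msg.split())  # undo line wrapping inside the message
        source = None
        if (gid, sid) == (GENERATOR_SPP_PORTSCAN, PORTSCAN_SCAN_DETECT):
            m = SCAN_RE.search(msg)
            source = m.group(1) if m else None
        alerts.append(Alert(gid, sid, rev, msg, source))
    return alerts

def portscan_sources(alerts: List[Alert]) -> Counter:
    # Count portscan alerts per reported source address.
    return Counter(a.scan_source for a in alerts if a.scan_source)

# First alert is the one from the question; the other two are constructed.
SAMPLE = """\
[**] [100:1:1] spp_portscan: PORTSCAN DETECTED from 192.168.0.2 (THRESHOLD 4
connections exceeded in 0 seconds) [**]
[**] [1:1000001:1] CONSTRUCTED local rule alert [**]
[**] [100:1:1] spp_portscan: PORTSCAN DETECTED from 192.168.0.2 (THRESHOLD 4
connections exceeded in 1 seconds) [**]
"""

if __name__ == "__main__":
    for a in parse_alerts(SAMPLE):
        print(a.generator, a.sig_id, a.sig_rev, a.scan_source)
    print(portscan_sources(parse_alerts(SAMPLE)))
```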