I'm not sure if this is the right place to post this or if Roman is on
this list. I'm using the Snort+MySQL+ACID combo for my network and I'd
really like to see an improvement on the reporting of portscans in ACID.
I'd love there to be a report that has a summary of portscans which
would show the scanner's IP address, maybe the address it resolves to,
the ports they were hitting and possibly the other number of unique
events associated with that address and maybe a count of those unique
events. I think it would give me a better single place to look to get an
idea of who's actively targeting me versus just blasting me with
portscans. Anyone out there in agreement with this? Is there another
program that will do that that I'm not aware of?

My $.02,

Kris

_______________________________________________________________

Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm

_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]