SANS ISC: port_scan issue in Snort3 SANS ISC InfoSec Forums

port_scan issue in Snort3
Hello. Sorry if I have chosen the wrong forum, but everywhere I have asked this question, no answer was given.
Recently I have set up a basic IPS by dropping (and logging) connection attempts to closed ports. Because it can contain many false positive results, I managed to use the `port_scan` inspector module for Snort, but even with the highest possible sensitivity, Snort doesn't log anything for rules with gid 122 and sid in the range 1-27.
I would appreciate any recommendation to solve this problem. Thanks.
astraea