Hello. Sorry if I have chosen the wrong forum, but everywhere I have asked this question, no answer was given. Recently I have set up a basic IPS by dropping (and logging) connection attempts to closed ports. Because it can contain many false positive results, I managed to use the `port_scan` inspector module for Snort, but even with the highest possible sensitivity, Snort doesn't log anything for rules with gid 122 and sid in range 1-27. I would appreciate any recommendation to solve this problem. Thanks.
astraea, Feb 23rd 2021 (thread locked)