[Oisf-users] How suricata detects portscans??

carlopmart carlopmart at gmail.com
Tue Apr 12 19:40:05 UTC 2011

On 04/12/2011 08:52 PM, Will Metcalf wrote:
> No, there is no portscan detection... When we asked if there was
> interest in portscan detection at multiple public OISF meetings, the
> overwhelming response we got was "don't waste your time".  I think
> this is because most people don't see portscans as actionable
> intelligence, existing implementations tend to fp a lot and are
> usually disabled, and/or existing implementations can be easily
> defeated with low and slow scans.  Is anybody actually interested in
> this?  Is it actually useful to you?
> Regards,
> Will

In my current environment, it is, because there are several hosts that 
are audited, internally and externally, often.

Thanks Will.

CL Martinez
carlopmart {at} gmail {d0t} com

More information about the Oisf-users mailing list