[Oisf-users] How suricata detects portscans??
carlopmart
carlopmart at gmail.com
Tue Apr 12 19:40:05 UTC 2011
On 04/12/2011 08:52 PM, Will Metcalf wrote:
> No, there is no portscan detection... When we asked if there was
> interest in portscan detection at multiple public OISF meetings, the
> overwhelming response we got was "don't waste your time". I think
> this is because most people don't see portscans as actionable
> intelligence, existing implementations tend to fp a lot and are
> usually disabled, and/or existing implementations can be easily
> defeated with low and slow scans. Is anybody actually interested in
> this? Is it actually useful to you?
>
> Regards,
>
> Will
>
In my current environment, it is, because there are several hosts that
are audited, internally and externally, often.
Thanks Will.
--
CL Martinez
carlopmart {at} gmail {d0t} com