[prev in list] [next in list] [prev in thread] [next in thread] 

List:       snort-users
Subject:    Re: [Snort-users] RULE ALERT NMAP SCAN
From:       "Al Lewis \(allewi\) via Snort-users" <snort-users () lists ! snort ! org>
Date:       2017-10-18 13:32:08
Message-ID: D939E846-4136-4275-89CF-6E802DB85E8B () cisco ! com
[Download RAW message or body]

[Attachment #2 (text/plain)]

Hello,

Try a detection filter.

https://www.snort.org/faq/readme-filters




Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
SOURCEfire, Inc. now part of Cisco
Email: allewi@cisco.com<mailto:allewi@cisco.com>

From: Snort-users <snort-users-bounces@lists.snort.org<mailto:snort-users-bounces@lists.snort.org>> \
on behalf of nguyen cao via Snort-users \
                <snort-users@lists.snort.org<mailto:snort-users@lists.snort.org>>
Reply-To: nguyen cao <nguyenblack1995@gmail.com<mailto:nguyenblack1995@gmail.com>>
Date: Wednesday, October 18, 2017 at 2:42 AM
To: "snort-users@lists.snort.org<mailto:snort-users@lists.snort.org>" \
                <snort-users@lists.snort.org<mailto:snort-users@lists.snort.org>>
Subject: [Snort-users] RULE ALERT NMAP SCAN

I try command : "nmap --scan-delay 2s TargetIP". some body can tell me rule snort \
detecion this type attack ? Tks


[Attachment #3 (text/html)]

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: \
after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-family: Courier, \
sans-serif;"> <div>
<div>
<div>Hello,</div>
<div><br>
</div>
<div><span class="Apple-tab-span" style="white-space:pre"></span>Try a detection \
filter.</div> <div><br>
</div>
<div><a href="https://www.snort.org/faq/readme-filters">https://www.snort.org/faq/readme-filters</a></div>
 <div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
</div>
<div>
<div id="MAC_OUTLOOK_SIGNATURE">
<div>
<p class="MsoNormal" style="font-family: -webkit-standard; margin: 0in 0in 0.0001pt; \
font-size: 11pt;"> <b><span style="font-size: 12pt; color: rgb(31, 73, 125);"><font \
face="Courier">Albert Lewis<o:p></o:p></font></span></b></p> <p class="MsoNormal" \
style="font-family: -webkit-standard; margin: 0in 0in 0.0001pt; font-size: 11pt;"> \
<font color="#7f7f7f">ENGINEER.SOFTWARE ENGINEERING</font></p> <p class="MsoNormal" \
style="font-family: -webkit-standard; margin: 0in 0in 0.0001pt; font-size: 11pt;"> \
<font face="Courier"><span style="color: rgb(153, 153, 153); font-size: \
12pt;">SOURCE</span><b><span style="font-size: 12pt; color: \
red;">fire</span></b><span style="color: rgb(153, 153, 153); font-size: 12pt;">, \
Inc.&nbsp;</span><span style="color: rgb(136, 136, 136); font-size: 12pt;">now  part \
of&nbsp;</span><b><span style="font-size: 12pt;"><font \
color="#00007f">Cisco</font></span></b></font></p> <p class="MsoNormal" \
style="font-family: -webkit-standard; margin: 0in 0in 0.0001pt; font-size: 11pt;"> \
<font face="Courier"><span style="font-size: 12pt; color: rgb(153, 153, \
153);">Email:&nbsp;</span><span style="font-size: 12pt;"><a \
href="mailto:allewi@cisco.com" style="color: purple;">allewi@cisco.com</a><span \
style="color: rgb(79, 129, 189);">&nbsp;</span></span></font></p> </div>
</div>
</div>
</div>
<div><br>
</div>
<span id="OLK_SRC_BODY_SECTION">
<div style="font-family:Calibri; font-size:12pt; text-align:left; color:black; \
BORDER-BOTTOM: medium none; BORDER-LEFT: medium none; PADDING-BOTTOM: 0in; \
PADDING-LEFT: 0in; PADDING-RIGHT: 0in; BORDER-TOP: #b5c4df 1pt solid; BORDER-RIGHT: \
medium none; PADDING-TOP: 3pt"> <span style="font-weight:bold">From: \
</span>Snort-users &lt;<a \
href="mailto:snort-users-bounces@lists.snort.org">snort-users-bounces@lists.snort.org</a>&gt; \
on behalf of nguyen cao via Snort-users &lt;<a \
href="mailto:snort-users@lists.snort.org">snort-users@lists.snort.org</a>&gt;<br> \
<span style="font-weight:bold">Reply-To: </span>nguyen cao &lt;<a \
href="mailto:nguyenblack1995@gmail.com">nguyenblack1995@gmail.com</a>&gt;<br> <span \
style="font-weight:bold">Date: </span>Wednesday, October 18, 2017 at 2:42 AM<br> \
<span style="font-weight:bold">To: </span>&quot;<a \
href="mailto:snort-users@lists.snort.org">snort-users@lists.snort.org</a>&quot; \
&lt;<a href="mailto:snort-users@lists.snort.org">snort-users@lists.snort.org</a>&gt;<br>
 <span style="font-weight:bold">Subject: </span>[Snort-users] RULE ALERT NMAP \
SCAN<br> </div>
<div><br>
</div>
<span style="mso-bookmark:_MailOriginalBody">
<div>
<div>
<div dir="ltr">I try command : &quot;nmap --scan-delay 2s TargetIP&quot;. some body \
can tell me rule snort detecion this type attack ? Tks</div> </div>
</div>
</span></span>
</body>
</html>



_______________________________________________
Snort-users mailing list
Snort-users@lists.snort.org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

--===============5312600346045639830==--

[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic