Hello. Sorry if I have chosen the wrong forum, but everywhere I have asked this question, no answer was given.
Recently I have set up a basic IPS by dropping (and logging) connection attempts to closed ports. Because it can contain many false positive results, I managed to use the `port_scan` inspector module for Snort, but even with the highest possible sensitivity, Snort doesn't log anything for rules with gid 122 and sid in range 1-27.
I would appreciate any recommendation to solve this problem. Thanks.
Feb 23rd 2021