hi list
I'm working with portsentry on a RAQ3. I would like to be informed by not
allowed scans of wellknown ports, with an email. that works everything. if
somebody scans on all thousand wellknown ports, then i get for every scan a
email.
what is wrong on the following pattern-definition? (swatch-3.0.1)
config on watchlog:
watchfor /attackalert|expn/
echo=normal
mail=alarm,subject=--- Attack Alert! ---
throttle 5:00 0:16
thanks
rene
_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
