You need to refine the list of ports that are being
scanned. Only set the triggers on ports that are open
on you systems, certainly this is not 1000 ports.
Also you should not be so concerned about a particular
port being scanned. You should be more worried about
one source IP address scanning many ports in a very a
rapid manner, which would indicate that an attempted
attack may be happening (most likely scripted). Until
you refine your aproach you will be overwhelmed by
false positives and useless information.
Helper
--- Eliyah Lovkoff <[EMAIL PROTECTED]> wrote:
> Is there any way to limit the numbers of e-mails
> sent by CPMAD as a result of port scanning?
> As long as I understand for each port that is
> scanned CPMAD sends an e-mail notification.So if
> 1000 ports are scanned then I receive 1000
> e-mails...not very good situation.....
>
> -
> [To unsubscribe, send mail to
> [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
__________________________________________________
Do You Yahoo!?
Yahoo! Auctions - buy the things you want at great prices
http://auctions.yahoo.com/
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
