Hi Lars,

Ossec by itself does not detect portscans. However, if you send your firewall
logs to ossec it can detect portscans by analyzing your fw logs. In addition
to that, if you have multiple services running and ossec detects multiple
access attempts to them (including sshd, telnet, ftpd, etc.) it can also
detect scans.

Hope it helps.

Daniel B. Cid
dcid ( at ) ossec.net

On 9/25/06, Lars Scheithauer <[EMAIL PROTECTED]> wrote:

Good Evening!

I'm currently searching for a way to block netscans, but did not find
a matching rule in ossec. Does anyone know if and where ossec
searches for portscans?

-- Lars
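
The firewall-log correlation described in the reply above, as an added example that is not part of the original thread and is not OSSEC's own rules or code: it flags a source that is dropped on many distinct destination ports within a short window. The log lines are constructed, and the iptables-style format, the `detect_scans` name, the threshold and the window are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed iptables-style drop lines (documentation address ranges only).
SAMPLE_LOG = """\
Sep 25 20:00:01 gw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=21
Sep 25 20:00:01 gw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=22
Sep 25 20:00:02 gw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=23
Sep 25 20:00:02 gw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=25
Sep 25 20:00:03 gw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=80
Sep 25 20:00:03 gw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=110
Sep 25 20:00:05 gw kernel: DROP IN=eth0 SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP DPT=22
Sep 25 20:00:20 gw kernel: DROP IN=eth0 SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP DPT=22
Sep 25 20:01:00 gw kernel: DROP IN=eth0 SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP DPT=21
Sep 25 20:03:00 gw kernel: DROP IN=eth0 SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP DPT=22
Sep 25 20:05:00 gw kernel: DROP IN=eth0 SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP DPT=23
Sep 25 20:07:00 gw kernel: DROP IN=eth0 SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP DPT=25
Sep 25 20:09:00 gw kernel: DROP IN=eth0 SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP DPT=80
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) .*?SRC=(?P<src>\S+) .*?DPT=(?P<dpt>\d+)"
)

def detect_scans(log_text, min_ports=5, window_s=60, year=2006):
    """Return {src: sorted ports} for each source dropped on at least
    min_ports distinct destination ports inside one sliding window."""
    recent = defaultdict(deque)  # src -> (timestamp, port) pairs still in window
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a firewall drop line in the assumed format
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["src"]]
        q.append((ts, int(m["dpt"])))
        while (ts - q[0][0]).total_seconds() > window_s:
            q.popleft()  # expire events older than the window
        ports = {p for _, p in q}
        if len(ports) >= min_ports:
            flagged.setdefault(m["src"], set()).update(ports)
    return {src: sorted(p) for src, p in flagged.items()}

if __name__ == "__main__":
    print(detect_scans(SAMPLE_LOG))
```

With the defaults only the fast multi-port source is reported; the repeated hits on a single port and the probe spread over several minutes stay below the threshold, which shows how the window and port count trade detection of slow scans against noise.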
