Hi Lars,
Ossec by itself does not detect portscans. However, if you send your firewall logs to ossec it can detect portscans by analyzing your fw logs. In addition to that, if you have multiple services running and ossec detects multiple access attempts to them (including sshd, telnet, ftpd, etc) it can also detect scans. Hope it helps. -- Daniel B. Cid dcid ( at ) ossec.net On 9/25/06, Lars Scheithauer <[EMAIL PROTECTED]> wrote:
Good Evening! I'm currently searching for a way to block netscans, but did not find a matching rule in ossec. Does anyone know if and where ossec searches for portscans? -- Lars
