port_scan issue in Snort3
Hello. Sorry if I chosen wrong forum, but everywhere I have asked this question, no answer was given.
Recently I have set up basic IPS by dropping (and logging) connection attempts to closed ports. Because it can contain many false positive results, I managed to use `port_scan` inspector module for Snort, but even with highest possible sensitivity, Snort doesn't log anything for rules with gid 122 and sid in range 1-27.
I would appreciate any recommendation to solve this problem. Thanks.

1 Posts

Sign Up for Free or Log In to start participating in the conversation!