Threat Level: green Handler on Duty: Bojan Zdrnja

SANS ISC: Nessus External Scan SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Nessus External Scan
If I have a properly configured network, should I be able to detect and External Scan from Nessus of my network? If so, how would I know, what would alert me? If not, is there anything that can be put in place to notify of such scanning? Mercury049

2 Posts
Detecting a port scan is easy and implemented in most SIEM solution as a standard rule...
It's based on something like that:

"if x connection attempts are detected in y seconds from the same IP address then raise an alert"

ISC Handler

Sign Up for Free or Log In to start participating in the conversation!