Hello!
I would like to create a rule to detect outbound port scanning using this logic: “Drop traffic if this user already accessed port ABC on X different IP addresses in the last Y seconds”.
Thank you!
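The rule logic described above, as an added example that is not part of the original post and is not tied to any particular firewall or IDS product. It assumes the "user" is identified by source IP and that dropped attempts are not counted toward the threshold; the class name, function names and sample flows are constructed for illustration.

```python
from collections import defaultdict, deque


class OutboundScanDetector:
    """Sliding-window check: one source, one destination port, many destination IPs."""

    def __init__(self, max_distinct_ips, window_seconds):
        self.max_distinct_ips = max_distinct_ips  # "X" in the rule
        self.window_seconds = window_seconds      # "Y" in the rule
        # (src, dport) -> deque of (timestamp, dst_ip), oldest first
        self.events = defaultdict(deque)
        # (src, dport) -> {dst_ip: events still inside the window}
        self.counts = defaultdict(lambda: defaultdict(int))

    def observe(self, ts, src, dst_ip, dport):
        """Return "drop" or "allow" for one new outbound connection."""
        key = (src, dport)
        queue, seen = self.events[key], self.counts[key]
        # Expire events that have aged out of the last Y seconds.
        while queue and ts - queue[0][0] >= self.window_seconds:
            _, old_ip = queue.popleft()
            seen[old_ip] -= 1
            if seen[old_ip] == 0:
                del seen[old_ip]
        # Source already reached this port on X distinct IPs: drop.
        if len(seen) >= self.max_distinct_ips:
            return "drop"
        queue.append((ts, dst_ip))
        seen[dst_ip] += 1
        return "allow"


# Constructed sample flows: (timestamp, source, destination IP, destination port)
SAMPLE_FLOWS = [
    (0, "10.0.0.5", "192.0.2.1", 22),
    (1, "10.0.0.5", "192.0.2.2", 22),
    (2, "10.0.0.5", "192.0.2.3", 22),
    (3, "10.0.0.5", "192.0.2.4", 22),    # 4th distinct IP within 10 s
    (4, "10.0.0.5", "192.0.2.4", 443),   # other port, counted separately
    (5, "10.0.0.9", "192.0.2.4", 22),    # other source, counted separately
    (11, "10.0.0.5", "192.0.2.4", 22),   # earlier events have aged out
]


def run_sample(max_distinct_ips=3, window_seconds=10):
    detector = OutboundScanDetector(max_distinct_ips, window_seconds)
    return [detector.observe(*flow) for flow in SAMPLE_FLOWS]


if __name__ == "__main__":
    for flow, verdict in zip(SAMPLE_FLOWS, run_sample()):
        print(flow, verdict)
```

Because dropped attempts are not recorded, a source that keeps scanning is throttled to X new destinations per Y seconds rather than blocked outright; recording drops as well would keep it blocked for as long as it keeps trying.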
Please don’t create a new thread with more or less the same content as another post of yours.