Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: how to disable spp_porscan?

From: Phil Wood <cpw () lanl gov>
Date: Wed, 19 Dec 2001 16:41:08 -0700
Hi,

Well, I took your configuration file, and your command line, and after
adding snort user and group, creating /var/log/snort, and populating
/etc/snort with rules and your config file (with changes for my situation
in the area of networks), gave the command line to the system (as root).

Lo and Behold, I had one file (the binary file from -b) show up in the
/var/log/snort directory.  I did a standard nmap of my system, and no
portscans.  Then, I enabled portscans in the sonrt.conf file, and restarted
snort (same way).  Lo and Behold, after running same nmap, I had a portscan
file.

So, my question still is what is in the include file?  And/or, have you
found that there is something different in the /etc/snort directory?

Later,

-- 
Phil Wood, cpw () lanl gov


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: