Snort mailing list archives
snort/ACID portscan display
From: Kate Hagen <katehagenuk () yahoo co uk>
Date: Wed, 6 Feb 2002 21:39:09 +0000 (GMT)
I am running Snort 1.8.3 on Mandrake 8.1 with ACID v0.9.6b19 and MySQL 3.23.41. Portscans appear in the ACID display, but when I click on the IP address, no list of portscans associated with that IP address appears.

I read a newsgroup post dated several months back that ACID does not log portscans properly and that the portscan is not actually coming from the IP address it appears to be coming from (according to the ACID display). However, when I read the Snort portscan.log itself, the portscans actually do appear to be coming from the IP addresses that ACID claims they are coming from. From what little knowledge I have of PHP, it appears that ACID is actually logging the source IP correctly. But why can I not display a list of all portscans by source IP?

I have looked all over for more information about this and haven't found anything (RTFM, Google, snort.org). I have been reading this list for a while and haven't seen it mentioned, although it is quite possible I missed it.

Thanks for your time.