Snort mailing list archives

Snort won't detect any portscan activity


From: "Alen Salamun" <alen.salamun () alienworld org>
Date: Sun, 17 Feb 2002 12:35:52 +0100

Hello!

I have been trying to get snort up and running on my Mandrake 8.1.
Everything works OK, but snort won't detect any kind of portscans
(nmap -sS, -sT) at all. Portscans go through; I don't block them with
iptables. I tried some other rules and they worked.

I have Mandrake 8.1 and Snort 1.8.3, precompiled from the site, and I even
recompiled it myself. Configuration:

var HOME_NET 192.168.1.0/24
var EXTERNAL_NET any
var SMTP $HOME_NET
var HTTP_SERVERS $HOME_NET
var SQL_SERVERS $HOME_NET
var DNS_SERVERS $HOME_NET

preprocessor frag2
preprocessor stream4: detect_scans
preprocessor stream4_reassemble
preprocessor http_decode: 80 -unicode -cginull
preprocessor rpc_decode: 111
preprocessor bo: -nobrute
preprocessor telnet_decode
preprocessor portscan: $HOME_NET 3 5 /var/log/snort/portscan.log
and all the normal includes....

Where do I go wrong?

Bye, Alen

