Snort mailing list archives
Snort won't detect any portscan activity
From: "Alen Salamun" <alen.salamun () alienworld org>
Date: Sun, 17 Feb 2002 12:35:52 +0100
Hello! I have been trying to get snort up and running on my Mandrake 8.1. Everything works OK, but snort won't detect anykind of portscans (nmap -sS, -sT) at all. Portscans go through I don't block them with iptables. I tried some other rules and they worked. I have mandrake 8.1 and Snort 1.8.3 precompiled from site and even recompiled it myself. Configuration: var HOME_NET 192.168.1.0/24 var EXTERNAL_NET any var SMTP $HOME_NET var HTTP_SERVERS $HOME_NET var SQL_SERVERS $HOME_NET var DNS_SERVERS $HOME_NET preprocessor frag2 preprocessor stream4: detect_scans preprocessor stream4_reassemble preprocessor http_decode: 80 -unicode -cginull preprocessor rpc_decode: 111 preprocessor bo: -nobrute preprocessor telnet_decode preprocessor portscan: $HOME_NET 3 5 /var/log/snort/portscan.log and all the normal includes.... Where Do I lie wrong? Bye, Alen _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort won't detect any portscan activity Alen Salamun (Feb 17)
- Re: Snort won't detect any portscan activity Matt Kettler (Feb 18)