Snort mailing list archives
Portscanning from my network
From: Steve Ochani <jpegny () optonline net>
Date: Fri, 05 Apr 2002 21:30:28 -0500
Hello, I'm running snort 1.8.3 (sun os 5.8 on ultra 10). I need to detect portscans *from* my network to the outside, while also be able to detect portscans from outside directed to my network. I edited the line in snort.conf from preprocessor portscan: $HOME_NET 4 3 portscan.log to preprocessor portscan: any 4 3 portscan.log and I was able to detect outgoing portscans (with nmap for example), but the problem is even if someone browses the web it gets picked up as a portscan. I tried changing from 4 ports in 3 secs to 4 ports to 1 and 2 but still same problem and I don't want to make that too loo since scans from outside might not be picked up. Any suggestions? Thanks _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Portscanning from my network Steve Ochani (Apr 05)
- what would be the effect? Onie Camara (Apr 05)
- <Possible follow-ups>
- RE: Portscanning from my network Sheahan, Paul (PCLN-NW) (Apr 08)
- RE: Portscanning from my network Ryan Hill (Apr 08)
- Portscanning from my network Steve Ochani (Apr 14)