Snort mailing list archives
AW: portscan traffic
From: "Poppi, Sandro" <Sandro.Poppi () wacker com>
Date: Wed, 31 Jul 2002 12:40:25 +0200
Eduard, first of all you'll have to activate the portscanning preprocessor in your snort.conf (take a look at the shipped snort.conf where good explanations are included, or use the Snort User's Manual and the FAQs for more info on that). Then use nmap (www.insecure.orgt/nmap) to scan systems located where snort listens (BTW, fyodor just released nmap 3.00 a few minutes ago! If www.insecure.org doesn't work try using the ip# in the hope dns entry is not spoofed 8). HTH, Sandro
I'm running Snort+ACID+Postgresql and I'd like to know if snort is dtecting portscan traffic, because I see lots of alerts, but none related to portscan traffic. What should I do to test that snort is detecting portscan traffic?. Thanks in advance ------------------------------------------------------- This sf.net email is sponsored by: Dice - The leading online job board for high-tech professionals. Search and apply for tech jobs today! http://seeker.dice.com/seeker.epl?rel_code=31 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------- This sf.net email is sponsored by: Dice - The leading online job board for high-tech professionals. Search and apply for tech jobs today! http://seeker.dice.com/seeker.epl?rel_code=31 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- AW: portscan traffic Poppi, Sandro (Jul 31)