Snort mailing list archives
AW: no portscan traffic
From: "Poppi, Sandro" <Sandro.Poppi () wacker com>
Date: Wed, 16 Apr 2003 14:24:34 +0200
Björn, I suppose you're nmap'ing on the same host you configured snort to listen on (e.g. eth0 with linux). Either configure snort to listen on the loopback device (lo with linux) and namp localhost, or use another station in your network to nmap your snort box. Make sure you don't have preprocessor portscan-ignorehosts or portscan2-ignorehosts configured to ignore your nmap box. If your snort box is listening on a switch make sure to use a mirror/SPAN port to receive all the traffic you expect it to receive. HTH, Sandro
Hi all I use a Snort 1.9.1 and is working fine with ACID ACID v0.9.6b23 Now I want understand how ACID display alerts... I used nmap to get portscan traffic, but there is still no alert ( 0%) Is there somehting wrong configured? Or has someone a manual to easy understand the alerts? Björn Gosswiler Network / Security Engineer ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- AW: no portscan traffic Poppi, Sandro (Apr 16)