Snort mailing list archives
portscan but no rules - Was: Re: no alerts logged
From: Mat Harris <mat.harris () genestate com>
Date: Fri, 16 Jan 2004 12:10:14 +0000
On Thu, Jan 15, 2004 at 10:57:44 +0000, Mat Harris wrote:
Totally my mistake, I forgot that the initscript for snort that I downloaded has to be modified as the INTERFACE var does not get passed to the command line. I hadn't changed it when I rebuilt my setup.
Thanks for the ideas
mat
although now I can detect a portscan from a test machine, nothing is alerted from normal rules, just portscan2. I am not 100% sure what I am doing in the configfile so I may have turned a master rule off or something. I will have posted the config to http://dev.genestate.com/debug/snort.conf in 2 minutes.
thanks
--
-----------------------------------------
+ Mat Harrison | mat.harris () genestate com +
| England, UK  | matth () 3d-computers co uk |
|--------------+--------------------------|
+ http://www.genestate.com +
----------------------------------------
Yes, of course it's the right cabl [le0: NO CARRIER]
Current thread:
- no alerts logged Mat Harris (Jan 15)
- <Possible follow-ups>
- Re: no alerts logged M. Morgan (Jan 15)
- Re: no alerts logged Mat Harris (Jan 15)
- portscan but no rules - Was: Re: no alerts logged Mat Harris (Jan 16)
- Re: no alerts logged Mat Harris (Jan 15)
- RE: no alerts logged Michael Chapman (Jan 15)
- RE: no alerts logged Michael Chapman (Jan 16)
- RE: no alerts logged Michael Chapman (Jan 16)