Snort mailing list archives
Re: Flow-portscan oddity
From: "Guillaume Arcas" <guillaume.arcas () free fr>
Date: Tue, 13 Apr 2004 08:31:56 +0200 (CEST)
Kreimendahl, Chad J said:
Using the default configuration for flow and flow portscan... And testing it on an external interface... We're seeing absolutely no alerts triggered. I've attempted using many output mechanisms, hoping that it wasn't the method we were using, and the results are the same. I'm 100% positive there were several scans happening on this same interface, as I ran portscan2 at the same time with a different snort, on the same interface. Many noisy ugly alerts from portscan2... Nothing from flow-portscan.
Same for me... Is there anywhere, outside of the code itself, some documentation about this plugin and its configuration?
--
Guillaume Arcas
--------------------------------------------------
We must part. We are two children, we have done something foolish. (Yvonne de Galais)