Snort mailing list archives

Re: Flow-portscan oddity

From: Martin Roesch <roesch () sourcefire com>
Date: Tue, 13 Apr 2004 09:56:09 -0400

Check out README.flow-portscan in the doc directory of your snortdistro.


     -Marty

On Apr 13, 2004, at 2:31 AM, Guillaume Arcas wrote:

Kreimendahl, Chad J a dit :

Using the default configuration for flow and flow portscan... And
testing it on an external interface... We're seeing absolutely noalertstriggered. I've attempted using many output mechanisms, hoping thatit
wasn't the method we were using, and the results are the same.   I'm
100% positive there were several scans happening on this sameinterface,as I ran portscan2 at the same time with a different snort, on thesame
interface.   Many noisy ugly alerts from portscan2... Nothing from
flow-portscan.


Same for me...

Is there anywhere out of the code itself some documentation about this
plugin and its configuration ?


--
Guillaume Arcas

--------------------------------------------------
Il faut nous quitter. Nous sommes deux enfants,
nous avons fait une folie. (Yvonne de Galais)


-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id70&alloc_id638&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

--
Martin Roesch - Founder/CTO, Sourcefire Inc. - (410)290-1616
Sourcefire: Intelligent Security Monitoring
roesch () sourcefire com - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org



-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id70&alloc_id638&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Flow-portscan oddity Kreimendahl, Chad J (Apr 12)
- Re: Flow-portscan oddity Guillaume Arcas (Apr 12)
  - Re: Flow-portscan oddity Martin Roesch (Apr 13)
    - Re: Flow-portscan oddity Guillaume Arcas (Apr 13)
- <Possible follow-ups>
- RE: Flow-portscan oddity Kreimendahl, Chad J (Apr 13)
- RE: Flow-portscan oddity Douglas McCrea (Apr 13)
  - RE: Flow-portscan oddity Todd_Pratt (Apr 13)
- RE: Flow-portscan oddity Kreimendahl, Chad J (Apr 13)
  - RE: Flow-portscan oddity Todd_Pratt (Apr 14)
- RE: Flow-portscan oddity Dusty Hall (Apr 14)
- RE: Flow-portscan oddity Douglas McCrea (Apr 14)
  - Re: Flow-portscan oddity Chris Green (Apr 14)
- RE: Flow-portscan oddity Jasmine CHUA (Apr 15)