Snort mailing list archives
Re: Finding rules for internal network
From: James Riden <j.riden () massey ac nz>
Date: Tue, 08 Feb 2005 10:23:30 +1300
sEc nErD <umkcguy1978 () yahoo com> writes:
> Hi all, I am trying to work through a Snort box on Debian configured by some other engineer for the rule sets. I have to find why Snort is able to detect outside scans on the network but not able to detect inside scans; for the inside scan, the scanner used is Super Scan. Could anybody tell me where exactly to look in the rule set snort.conf?
First guess would be to check for "preprocessor portscan-ignorehosts: " or "preprocessor portscan2-ignorehosts: " in snort.conf.

In fact, I'm far more worried about portscans originating internally, because that means I've got problems - whereas portscans from outside seem to be the norm these days.

cheers,
Jamie
--
James Riden / j.riden () massey ac nz / Systems Security Engineer
Information Technology Services, Massey University, NZ.
GPG public key available at: http://www.massey.ac.nz/~jriden/
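An added example, not part of the original thread: a small checker that reads a snort.conf, resolves `var` definitions, and reports which `portscan-ignorehosts` / `portscan2-ignorehosts` entries cover a given internal scanner address. It assumes Snort 2.x-style syntax (space-separated hosts/CIDRs, `$VAR` references, `[a,b]` lists); the sample config, addresses, and function names are constructed for illustration.

```python
import ipaddress
import re

DIRECTIVE = re.compile(r'^\s*preprocessor\s+(portscan2?-ignorehosts)\s*:\s*(.*)$')
VAR = re.compile(r'^\s*var\s+(\w+)\s+(\S+)')

# Constructed sample config (not from the original post).
SAMPLE_CONF = """\
var HOME_NET [10.10.0.0/16,192.168.5.0/24]
var DNS_SERVERS 10.10.0.53/32
preprocessor portscan: $HOME_NET 4 3 portscan.log
# preprocessor portscan-ignorehosts: 0.0.0.0
preprocessor portscan-ignorehosts: $DNS_SERVERS $HOME_NET
preprocessor portscan2-ignorehosts: 172.16.0.0/12
"""

def expand(token, variables, depth=0):
    """Resolve $VAR references and [a,b] lists into a flat list of CIDR strings."""
    token = token.strip()
    if depth > 10 or not token:          # guard against self-referencing vars
        return []
    if token.startswith('[') and token.endswith(']'):
        return [c for part in token[1:-1].split(',')
                for c in expand(part, variables, depth + 1)]
    if token.startswith('$'):
        return expand(variables.get(token[1:], ''), variables, depth + 1)
    return ['0.0.0.0/0' if token == 'any' else token]

def ignored_scan_sources(conf_text, scanner_ip):
    """Return (line, directive, token, network) for each ignore entry covering scanner_ip."""
    ip = ipaddress.ip_address(scanner_ip)
    variables, hits = {}, []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split('#', 1)[0]      # drop comments and commented-out directives
        if (m := VAR.match(line)):
            variables[m.group(1)] = m.group(2)
        elif (m := DIRECTIVE.match(line)):
            for token in m.group(2).split():
                for cidr in expand(token, variables):
                    try:
                        net = ipaddress.ip_network(cidr, strict=False)
                    except ValueError:   # negations or malformed entries are skipped
                        continue
                    if ip in net:
                        hits.append((lineno, m.group(1), token, str(net)))
    return hits

if __name__ == "__main__":
    for hit in ignored_scan_sources(SAMPLE_CONF, "10.10.4.20"):
        print("line %d: %s entry %s (%s) hides this scanner" % hit)
```

Any hit means the portscan preprocessor is configured to stay silent for scans sourced from that address, which matches the symptom of outside scans alerting while inside scans do not.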