Snort mailing list archives
RE: Snort rules
From: sEc nErD <umkcguy1978 () yahoo com>
Date: Tue, 8 Feb 2005 12:16:54 -0800 (PST)
I ahve a question for security admins here.
Our client performed an internal port scan using super scan on their internal network.When i say internal network i
mean private network LAN.
Our snort sensor didnt catch any of it the whole port scan and aftre doing some diggging i saw the scan.rules file and
saw that it is checking all inbound
port scans like $external any-->$Home Network
Now the client is questioning us as to why this should not be checked both ways..he is saying if it is somebody in
their network doing a port scan it will go unnoticed.
can anybody answer this?
thanks
---------------------------------
Do you Yahoo!?
Yahoo! Mail - 250MB free storage. Do more. Manage less.
Current thread:
- RE: Snort rules Hugo (Feb 08)
- RE: Snort rules sEc nErD (Feb 08)
- RE: Snort rules Matt Kettler (Feb 08)
- mysql not logging alerts sEc nErD (Feb 08)
- Re: mysql not logging alerts James Riden (Feb 08)
- RE: Snort rules Matt Kettler (Feb 08)
- RE: Snort rules sEc nErD (Feb 08)
- <Possible follow-ups>
- RE: Snort rules Chris Vaughan (Feb 08)