Snort mailing list archives
RE: Snort rules
From: sEc nErD <umkcguy1978 () yahoo com>
Date: Tue, 8 Feb 2005 12:16:54 -0800 (PST)

I have a question for security admins here. Our client performed an internal port scan using SuperScan on their internal network. When I say internal network, I mean the private network LAN. Our Snort sensor didn't catch any of it, the whole port scan, and after doing some digging I saw the scan.rules file and saw that it is checking all inbound port scans, like $external any-->$Home Network. Now the client is questioning us as to why this should not be checked both ways. He is saying that if it is somebody in their network doing a port scan, it will go unnoticed. Can anybody answer this?

Thanks