Snort mailing list archives

Re: No alerts attacking with nmap

From: Joel Esler <joel.esler () sourcefire com>
Date: Wed, 28 Mar 2007 08:58:04 -0400

Read the snort.conf and the Snort manual. Both of these will helpyou tune Snort. It's the best advice for a new starter.


J

+---------------------------------------------------------------------+
Joel Esler                                         Security Consultant
    gpg key: http://demo.sourcefire.com/jesler.pgp.key
+---------------------------------------------------------------------+



On Mar 28, 2007, at 4:19 AM, Josep Pujadas i Jubany wrote:

Hello!

I have trouble adjusting my snort.conf ...

I attacked the snort sensor from another machine on my LAN, usingnmap, and

any alert is showed.

snort is working (I have some UDP and ICMP alerts) ...

I'm running it on a FreeBSD 6.2 machine:

# pkg_info | grep snort
oinkmaster-2.0      Help you update your snort rules after each update
snort-2.6.1.3       Lightweight network intrusion detection system

Any idea for my problem ?

Where can I find good examples for configuring/adjusting snort.conf ?

Thanks in advance,

Josep Pujadas

-------------------------------------------------------------------------

Take Surveys. Earn Cash. Influence the Future of IT

Join SourceForge.net's Techsay panel and you'll get the chance toshare your

opinions on IT & business topics through brief surveys-and earn cash

http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

No alerts attacking with nmap Josep Pujadas i Jubany (Mar 28)
- Re: No alerts attacking with nmap Joel Esler (Mar 28)
- <Possible follow-ups>
- Fwd: No alerts attacking with nmap Joel Esler (Mar 28)