Snort mailing list archives

Missing Portscanners in 2.8 - Flow-Portscan vs stream5


From: frederick sonnichsen <fsonnichsen () whoi edu>
Date: Mon, 24 Mar 2008 15:22:17 -0400

I have converted from 2.3.3 to 2.8.0.2.
Running both versions now, the newer version detects fewer portscans and 
sweeps. I started looking into the preprocessors:

Per the doc, stream5 replaces stream4, and also the flow preprocessors.
However, due to the missing detection I decided to add back the 
Flow-Portscan. When I do this I get the following message at snort startup:
      FATAL ERROR: /etc/snort/snort.conf(806) flow-portscan requires spp_flow to be enabled!

I cannot find anything about the option spp_flow or how to turn it on.
Any ideas?
Thanks
Fritz

