Snort mailing list archives
Port scan not detected
From: JB Van Puyvelde <jbvanpuyvelde () gmail com>
Date: Sun, 25 Nov 2012 00:35:05 +0100
Hello, I've just installed Snort 2.9.3.1 from sources on Debian and Nmap scans (-sS and -sT) are not detected. I've tried with different $HOME_NET and $EXTERNAL_NET values (even with any any). In fact, there is no LAN to monitor, just the server running snort. This server is the target of the scans, done from an other computer. The Sfportscan preprocessor is confidgured as follows: proto { all } memcap { 10000000 } sense_level { high }. Other classical rules seem to work fine. Any suggestion on what should be changed? Regards, -- JB ------------------------------------------------------------------------------ Monitor your physical, virtual and cloud infrastructure from a single web console. Get in-depth insight into apps, servers, databases, vmware, SAP, cloud infrastructure, etc. Download 30-day Free Trial. Pricing starts from $795 for 25 servers or applications! http://p.sf.net/sfu/zoho_dev2dev_nov _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Port scan not detected JB Van Puyvelde (Nov 24)