Port scan not detected

[JB Van Puyvelde <jbvanpuyvelde () gmail com>]

Hello,

I've just installed Snort 2.9.3.1 from sources on Debian and Nmap
scans (-sS and -sT) are not detected.

I've tried with different $HOME_NET and $EXTERNAL_NET values (even
with any any). In fact, there is no LAN to monitor, just the server
running snort. This server is the target of the scans, done from an
other computer.

The Sfportscan preprocessor is confidgured as follows: proto { all }
memcap { 10000000 } sense_level { high }.

Other classical rules seem to work fine.

Any suggestion on what should be changed?

Regards,

--
JB

------------------------------------------------------------------------------
Monitor your physical, virtual and cloud infrastructure from a single
web console. Get in-depth insight into apps, servers, databases, vmware,
SAP, cloud infrastructure, etc. Download 30-day Free Trial.
Pricing starts from $795 for 25 servers or applications!
http://p.sf.net/sfu/zoho_dev2dev_nov
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!