Snort mailing list archives

Re: rules file doesn't work properly, no DoS or portscan detected...


From: Joel Esler <jesler () sourcefire com>
Date: Fri, 24 May 2013 18:28:14 -0400

On May 24, 2013, at 11:31 AM, Gijs van der Velden <gijsvandervelden () live nl> wrote:

Hello everyone,

I've managed to set up Snort on Windows Server 2012 and successfully run it, however DoS or portscan attacks are not being logged...
I tried doing an nmap scan and a 10 sec DoS with LOIC, but neither were logged.

I've made a post about this here: http://winsnort.com/index.php?name=PNphpBB2&file=viewtopic&p=4554#4554
and tried out the test rule which logs everything.
That rule did work fine.

Does anyone know how I can resolve this and use Snort to detect incoming DoS and DDoS attacks?

Are you receiving any packets on the interface that Snort is sniffing?
Are you sniffing the right interface?
What does your snort.conf look like?
What does your Snort startup command line look like?
What output do you get when you run that command?


--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire