Snort mailing list archives
Re: rules file doesn't work properly, no DoS or portscan detected...
From: Joel Esler <jesler () sourcefire com>
Date: Fri, 24 May 2013 18:28:14 -0400
On May 24, 2013, at 11:31 AM, Gijs van der Velden <gijsvandervelden () live nl> wrote:
Hello everyone, I've managed to set up snort on Windows Server 2012 and successfully run it, however DoS or portscan attacks are not being logged... I tried doing an nmap scan and a 10 sec DoS with loic, but neither were logged. I've made a post about this here: http://winsnort.com/index.php?name=PNphpBB2&file=viewtopic&p=4554#4554 and tried out the test rule which logs everything. That rule did work fine. Does anyone know how I can resolve this and use snort to detect incoming DoS and DDoS attacks?
Are you receiving any packets on the interface that Snort is sniffing? Are you sniffing the right interface? What does your snort.conf look like? What does your Snort startup command line look like? What output do you get when you run that command?

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!