Snort mailing list archives

Re: Portscan detection


From: Neil Dickey <neil () geol niu edu>
Date: Wed, 23 May 2001 11:05:29 -0500 (CDT)


"Mads Krog-Jensen" <mkj () multica dk> wrote asking:

I have set up snort on a win2k box.
[ ... ]
Anyway, I did a test with a portscan with these settings, and snort
did not log anything to the alert file. 

By reading the rule files, I can see that it looks for a connection
on 3 different ports within 3 seconds or something like that! I set
it up to 10 seconds, but still no alert!

Anyone have any idea why it's not logging the portscan!

I have seen something similar.  The portscan preprocessor is now
being re-written, and I've sent my stuff off to the fellow in charge.
He tells me it will be fixed.

Best regards,

Neil Dickey, Ph.D.
Research Associate/Sysop
Geology Department
Northern Illinois University
DeKalb, Illinois
60115
