Snort mailing list archives
Re: how to disable spp_porscan?
From: Chris Green <cmg () uab edu>
Date: Tue, 18 Dec 2001 14:07:58 -0600
robe () alfa21 com (Roberto Suarez Soto) writes:
On Dec/18, Steve Halligan wrote:If you commented spp_portscan in snort.conf, the alerts you are seeing are NOT coming from it. More likely they are coming from snort itself, and youWell, I wouldn't say so: Dec 18 19:55:51 seel snort[28989]: spp_portscan: PORTSCAN DETECTED from XX.XX.XX.XX (THRESHOLD 4 connections exceeded in 3 seconds)
Ok, lets move to theory two. How are you running snort? What command line options? Where does this snort.conf you reference live? -- Chris Green <cmg () uab edu> Fame may be fleeting but obscurity is forever. _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: how to disable spp_porscan?, (continued)
- Re: how to disable spp_porscan? Roberto Suarez Soto (Dec 19)
- Re: how to disable spp_porscan? Phil Wood (Dec 19)
- Re: how to disable spp_porscan? Roberto Suarez Soto (Dec 20)
- Re: how to disable spp_porscan? Phil Wood (Dec 20)
- Re: how to disable spp_porscan? Phil Wood (Dec 20)
- Re: how to disable spp_porscan? Roberto Suarez Soto (Dec 21)
- Re: how to disable spp_porscan? Roberto Suarez Soto (Dec 18)
- Re: how to disable spp_porscan? Roberto Suarez Soto (Dec 18)
- Re: how to disable spp_porscan? Chris Green (Dec 18)
- Re: how to disable spp_porscan? Roberto Suarez Soto (Dec 19)
- Re: how to disable spp_porscan? Phil Wood (Dec 19)
- Re: how to disable spp_porscan? Roberto Suarez Soto (Dec 20)