Snort mailing list archives

As a newbie, two questions

From: Emanuele Salvador <lele () profim florida it>
Date: Fri, 3 May 2002 17:24:39 +0200

I recently installed on a Linux box (Redhat 7.2) snort and acid, followingthe instructions (kindly provided onhttp://www.sfhn.net/whites/snort_acid-rpm.html) by Mr. Mark Johnson.


The installation went straightforward and everything seems to work. But...

1) snort seems to detect portscans from nmap only on the host where snortruns. Is this a normal behaviour? It is not clear for me if snort shoulddetect portscans on all the net (or if it should not detect portscans atall).

2) I've not been able to verify if my snort.conf loads correctly. Is therea way to see what rules are loaded?


Thanks to all,
Emanuele Salvador


"The stars are matter, we're matter. But it doesn't matter."

- Don Van Vliet -


_______________________________________________________________

Have big pipes? SourceForge.net is looking for download mirrors. We supply
the hardware. You get the recognition. Email Us: bandwidth () sourceforge net
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

As a newbie, two questions Emanuele Salvador (May 03)
- Re: As a newbie, two questions Erek Adams (May 03)
- <Possible follow-ups>
- RE: As a newbie, two questions McCammon, Keith (May 03)
  - Re: As a newbie, two questions Emanuele Salvador (May 03)
- RE: As a newbie, two questions McCammon, Keith (May 03)