Re: Snort not seeing all traffic?

[Erick Mechler <emechler () techometer net>]

:: Ok, following what you said, I looked for  the preprocessor lines in my 
:: config and saw nothing for portscan2, I created the preprocessor, though I 
:: was wondering if I should leave all the values  blank?

Check the Manual at snort.org/docs/.  It's your friend.

:: Also, I checked the rules and noted that the ones I was concerned about 
:: (cmd.exe ...) are activated...why would Snort not see this type of attack 
:: (my guess is several reasons, all that are beyond my education level at 
:: this moment I fear)?

...and all are mere guesses on my part as well since I'm working with
limited information :)  If you recently enabled them, did you restart snort
after doing so?  Are your $HOME_NET, $EXTERNAL_NET and $HTTP_PORTS set
properly in your snort.conf?  Does snort trigger on other web.iis rules?  

Cheers - Erick


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users