Snort mailing list archives
Re: Eagle X v2.0
From: Ueli Kistler <iuk () gmx ch>
Date: Tue, 17 Jun 2003 19:24:48 +0200
Hi- open IDScenter by double-clicking on the icon (btw if an alert occurs you can double-click and the viewer is opened)
- Go to "Wizards"->"Preprocessors" - Open the "Portscan detection" tab- Try to modifiy the settings "Timeout" and "Ports" ... ex. Timeout = 45 and Ports = 28
The problem is that the threshold values depend very much on how you are surfing / how much traffic is transfered on your network.
Regards, Ueli Kistler u.kistler () engagesecurity com www.engagesecurity.com (btw this is not a company) -- cristal_ball () libero it wrote:
i installed eagle to try i like it very easy my problem is i get lots of this alerts : #0-(3-91) [snort] (spp_portscan2) Portscan detected from 192.168.0.25: 6 targets 6 ports in 18 seconds i know they are false positive and try to understand the rule but cant even find it :( shame on me can any one help UK> HelloUK> Eagle X v2.0, a pre-configured IDS system for Windows platform, is out------------------------------------------------------- This SF.Net email is sponsored by: INetU Attention Web Developers & Consultants: Become An INetU Hosting Partner. Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission! INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------- This SF.Net email is sponsored by: INetU Attention Web Developers & Consultants: Become An INetU Hosting Partner. Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission! INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- ANNOUNCEMENT: Eagle X v2.0 available on http://www.engagesecurity.com Ueli Kistler (Jun 16)
- Eagle X v2.0 cristal_ball (Jun 17)
- Re: Eagle X v2.0 Ueli Kistler (Jun 17)
- performance concern Francisco Morosini (Jun 17)
- Re: performance concern Erek Adams (Jun 17)
- Re: performance concern Matt Kettler (Jun 17)
- Re: Eagle X v2.0 Ueli Kistler (Jun 17)
- Eagle X v2.0 cristal_ball (Jun 17)
- Questions about Eagle X v2.0 LucAdmin (Jun 19)