Snort mailing list archives
port scan detection
From: Soniya Balram <sonia_balram () yahoo com>
Date: Sun, 19 Oct 2008 21:43:00 -0700 (PDT)
Hi all,

I use Snort version 2.8.3.1 on a Windows XP machine. I want to detect port scans. I have enabled the sfportscan preprocessor. The config is:

    preprocessor sfportscan: proto { all } \
        memcap { 10000000 } \
        scan_type { all } \
        sense_level { high } \
        detect_ack_scans

I have also enabled the stream4 preprocessor. The config is:

    preprocessor stream4: detect_scans

I have not enabled any rules. I use nmap to generate different types of scans, but no alerts are generated. To test Snort, I wrote a rule:

    alert tcp any any -> any any (msg:"got an tcp packet"; sid:2000000; rev:1;)

This results in alerts. Can anyone help?

Regards
Soniya