Re: [Snort-devel] DCERPC2 Questions

[Steven Sturges <steve.sturges () sourcefire com>]

Hi Michael--

Comments inline.

Cheers.
-steve

Michael Steele wrote:
> I posted this to the developers group and never got a response back. The
> short of it;
>
> 1) Why is it that portscans are not being logged? The portscan.log file is
> being created. Is this a BASE problem or a Snort problem? I know the problem
> has been reported multiple times for months now, at least for Windows.

Portscan is a tricky preprocessor to configure and it depends on
Stream5 for TCP & UDP scans.  I'd investigate your portscan preprocessor
settings, as well as the configuration for BASE... You can try having
Snort log events to the console and see if you get portscan alerts
there.

We've not seen problems reported for the linux platforms.

> 2) For the Windows user it seems that x64 is so prevalent will we be seeing
> a 64bit version of Snort soon?

There are no plans at this time to release binaries for windows 64bit.
Since Snort source code is readily available for each release, it is
easy to get a compiler (from Microsoft or elsewhere) for that platform
and build it.

> Kindest regards,
> Michael...


------------------------------------------------------------------------------
Come build with us! The BlackBerry® Developer Conference in SF, CA
is the only developer event you need to attend this year. Jumpstart your
developing skills, take BlackBerry mobile applications to market and stay 
ahead of the curve. Join us from November 9-12, 2009. Register now!
http://p.sf.net/sfu/devconf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users