Snort mailing list archives

Re: preprocessor sfportscan does not generate alerts

From: waldo kitty <wkitty42 () windstream net>
Date: Fri, 15 Feb 2013 23:10:52 -0500

On 2/15/2013 17:04, Marc Belanger wrote:

Hi,

How do I troubleshoot a Snort install that generates no alert when the
sfportscan preprocessor is activated?


do you have those specific rules enabled?

do your scans follow the specific portscan rules that snort has in the preprocessor?

i have seen some scans that do not trigger because there are no rules for 
them... or they don't comply with the existing rules...


------------------------------------------------------------------------------
The Go Parallel Website, sponsored by Intel - in partnership with Geeknet, 
is your hub for all things parallel software development, from weekly thought 
leadership blogs to news, videos, case studies, tutorials, tech docs, 
whitepapers, evaluation guides, and opinion stories. Check out the most 
recent posts - join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

preprocessor sfportscan does not generate alerts Marc Belanger (Feb 15)
- Re: preprocessor sfportscan does not generate alerts waldo kitty (Feb 15)
  - Re: preprocessor sfportscan does not generate alerts Marc Belanger (Feb 18)
    - Re: preprocessor sfportscan does not generate alerts waldo kitty (Feb 18)
    - Re: preprocessor sfportscan does not generate alerts johnny.venter (Feb 25)
    - Re: preprocessor sfportscan does not generate alerts waldo kitty (Feb 25)