Snort mailing list archives

Re: snort suddenly stopped to record events


From: waldo kitty <wkitty42 () windstream net>
Date: Fri, 26 Jul 2013 14:48:53 -0400

On 7/26/2013 10:18, Alex wrote:
> So, what should be commented out in snort.conf or what rules should be
> activated in order to make snort able to detect and identify such network
> scan?

check nmap for what those options generate as packets... then you'll have to 
find or write rules to detect those packets... they may exist already and be 
disabled... i don't know... i had to specifically disable some ICMP rules in my 
locations to turn off alerts from them but i think they were from a different 
supplier... you might also want to use the community rules if you are not 
already... they might have related scan type rules...

-- 
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.
