
Snort mailing list archives

port scan detection
From: Soniya Balram <sonia_balram () yahoo com>
Date: Sun, 19 Oct 2008 21:43:00 -0700 (PDT)

Hi all,
I use Snort version on a Windows XP machine. I want to detect port scans. I have enabled the sfportscan preprocessor. The config is:
preprocessor sfportscan: proto  { all } \
                         memcap { 10000000 } \
                         scan_type { all } \
                         sense_level { high } \
I have also enabled the stream4 preprocessor. The config is:
preprocessor stream4: detect_scans

I have not enabled any rules. I use nmap to generate different types of scans but no alerts are generated.

To test Snort, I wrote a rule:
alert tcp any any -> any any (msg:"got an tcp packet"; sid:2000000; rev:1;)
This results in alerts. 

Can anyone help?

