Home page logo

snort logo Snort mailing list archives

Re: rules file doesn't work properly, no DoS or portscan detected...
From: Joel Esler <jesler () sourcefire com>
Date: Fri, 24 May 2013 18:28:14 -0400

On May 24, 2013, at 11:31 AM, Gijs van der Velden <gijsvandervelden () live nl> wrote:

Hello everyone,

I've managed to setup snort on Windows Server 2012 and successfully run it, however DoS or portscan  attacks are not 
being logged... 
I tried doing a nmap scan and a 10 sec DoS with loic, but neither where loged.

I've made a post about this here: http://winsnort.com/index.php?name=PNphpBB2&file=viewtopic&p=4554#4554
and tried out the test rule which logs everything.
That rule did work fine.

Anyone knows how I can resolve this and use snort to detect incoming DoS and DDoS attacks?

Are you receiving any packets on the interface that Snort is sniffing?
Are you sniffing the right interface?
What does your snort.conf look like?
What does your Snort startup command line look like?
What output do you get when you run that command?

Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Try New Relic Now & We'll Send You this Cool Shirt
New Relic is the only SaaS-based application performance monitoring service 
that delivers powerful full stack analytics. Optimize and monitor your
browser, app, & servers with just a few lines of code. Try New Relic
and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_may
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

Please visit http://blog.snort.org to stay current on all the latest Snort news!

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]