Snort mailing list archives
no portscan traffic
From: Adam Denenberg <straightflush () gmail com>
Date: Wed, 21 Jul 2004 13:44:14 -0400
I have flow-portscan2 enabled in snort.conf, but no portscan traffic is
showing up in ACID. Here are my plugins.
Any ideas?
[root@ids1 docs]# grep preprocessor /etc/snort/snort.conf
preprocessor frag2: timeout 35, memcap 4194304, min_ttl 3, ttl_limit 8
preprocessor stream4: detect_scans, timeout 35, memcap 32000000, min_ttl 3,
preprocessor stream4_reassemble: both, ports all
preprocessor http_inspect: global proxy_alert iis_unicode_map
preprocessor http_inspect_server: server default profile all ports { 80 443 }
preprocessor http_inspect_server: server 207.241.152.130 bare_byte no
preprocessor http_inspect_server: server 207.241.153.143 bare_byte no
preprocessor http_inspect_server: server 207.241.152.242 bare_byte no
preprocessor http_inspect_server: server 207.241.152.249 bare_byte no
preprocessor flow: stats_interval 0 hash 2
preprocessor flow-portscan: \
preprocessor rpc_decode: 111 32771
#preprocessor bo
preprocessor telnet_decode
#preprocessor arpspoof
#preprocessor arpspoof_detect_host: 192.168.40.1 f0:0f:00:f0:0f:00
Thanks,
Adam
