Snort mailing list archives

@portscan log not showing all decoys


From: anagha b <banagha3 () gmail com>
Date: Tue, 19 Nov 2013 17:57:06 +0530

Hi,

My sfportscan setting is as follows:

preprocessor sfportscan: proto { all } scan_type { all } sense_level { low } logfile { /var/log/snort/portscan.log }

I tried an nmap decoy scan on host 192.168.X.1 from 192.168.X.2

nmap -D 192.168.2.214 *192.168.2.213* 192.168.X.2  [*firewall disabled* on
both the hosts]

The portscan log is ->

Time: 11/19-16:59:27.309554
event_ref: 0
192.168.x.2 -> 192.168.x.1 (portscan) TCP Portscan
Priority Count: 9
Connection Count: 9
IP Count: 9
Scanner IP Range: 192.168.2.214:192.168.x.2
Port/Proto Count: 5
Port/Proto Range: 135:3389

*Only the first decoy IP is shown, not the other decoys.*

*Is there any other way to get the decoy IPs, or am I missing something?*
*The snort.log file is always empty.*
*Please help.*

Thanks.
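
A small parser for the portscan.log entry format quoted in the message above, as an added example that is not part of the original post or of Snort itself. It collects the addresses an entry actually names: the alert line's source and destination plus the two endpoints of the range field, whatever `IP Count` says. The function names are hypothetical and the sample is the poster's entry, copied as posted.

```python
import re

# Entry copied from the post above; octets the poster redacted stay as "x".
SAMPLE_LOG = """\
Time: 11/19-16:59:27.309554
event_ref: 0
192.168.x.2 -> 192.168.x.1 (portscan) TCP Portscan
Priority Count: 9
Connection Count: 9
IP Count: 9
Scanner IP Range: 192.168.2.214:192.168.x.2
Port/Proto Count: 5
Port/Proto Range: 135:3389
"""

ALERT_RE = re.compile(r"^(\S+) -> (\S+) \(portscan\) (.+)$")
INT_FIELDS = {"event_ref", "Priority Count", "Connection Count", "IP Count", "Port/Proto Count"}
RANGE_FIELDS = {"Scanner IP Range", "Scanned IP Range", "Port/Proto Range"}


def parse_portscan_log(text):
    """Split portscan.log text into one dict per entry (each starts at 'Time:')."""
    entries, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Time:"):
            cur = {"Time": line.split(":", 1)[1].strip()}
            entries.append(cur)
        elif cur is None or not line:
            continue  # blank line, or text before the first entry
        elif (m := ALERT_RE.match(line)):
            cur["src"], cur["dst"], cur["alert"] = m.groups()
        else:
            key, sep, value = line.partition(": ")
            if sep and key in INT_FIELDS:
                cur[key] = int(value)
            elif sep and key in RANGE_FIELDS:
                cur[key] = tuple(value.split(":", 1))  # (low, high); IPv4 only
            elif sep:
                cur[key] = value
    return entries


def named_addresses(entry):
    """Every address the entry spells out: alert src/dst plus range endpoints."""
    named = {entry.get("src"), entry.get("dst")}
    named.update(entry.get("Scanner IP Range", ()))
    named.update(entry.get("Scanned IP Range", ()))
    return named - {None}
```

Run against the quoted entry, `named_addresses` returns three addresses, and 192.168.2.213 from the nmap command line is not among them.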