[Snort-devel] sfportscan preproc only logging not alerting open port events

Sandro Poppi spoppi at ...224...
Sun Apr 24 08:26:50 EDT 2005


Hi again,

When looking through spp_sfportscan's code I found that when generating
open port events they are only logged but not alerted. In
GenerateOpenPortEvent() there's

...
     /* reset the thresholding subsystem checks for this packet */
     sfthreshold_reset();

     SetEvent(&event, gen_id, sig_id, sig_rev, class, pri, event_ref);
     //CallAlertFuncs(p,msg,NULL,&event);

     event.ref_time.tv_sec  = event_time->tv_sec;
     event.ref_time.tv_usec = event_time->tv_usec;

     if(p)
     {
...

Creating alerts is already "prepared" but commented out. What's the 
reason for that, or do you see any issues when using

...
     /* reset the thresholding subsystem checks for this packet */
     sfthreshold_reset();

     SetEvent(&event, gen_id, sig_id, sig_rev, class, pri, event_ref);
     event.ref_time.tv_sec  = event_time->tv_sec;
     event.ref_time.tv_usec = event_time->tv_usec;
     CallAlertFuncs(p,msg,NULL,&event);

     if(p)
     {
...

instead?

Thanks,
Sandro
-- 
"Linux is like a wigwam: no windows, no gates ... apache inside!"

http://www.lug-burghausen.org/




