[Snort-devel] DCERPC2 Questions

Todd Wease twease at ...402...
Tue Sep 22 10:26:36 EDT 2009


Answers inline.

On 09/22/2009 08:52 AM, Michael Steele wrote:
> I posted this to the developers group and never got a response back. The
> short of it;
>
> 1) Why is it that portscans are not being logged? The portscan.log file is
> being created. Is this a BASE problem or a Snort problem? I know the problem
> has been reported multiple times for months now, at least for Windows.

Make sure your snort.conf includes the preprocessor.rules file in 
preproc_rules/.  On startup you should see something like:

Initializing rule chains...
...
    177 preprocessor rules
...

I just ran an nmap at a Windows box running Snort 2.8.5 and got portscan 
events.  I can't speak for BASE, but the Snort alert.ids contained 
portscan events.

>
> 2) For the Windows user it seems that x64 is so prevalent will we be seeing
> a 64bit version of Snort soon?

There are currently no plans to do this.  It's low priority and we don't 
really have the resources to take this on right now.

>
> Kindest regards,
> Michael...
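
Added example, not part of the original message and not Snort project code: a small checker for the advice in answer 1, which reads a snort.conf, expands its `var` definitions, and reports when preproc_rules/preprocessor.rules is not actively included. The sample configs, the Windows paths in them, and the extra check that the sfportscan preprocessor is enabled are assumptions constructed for illustration.

```python
import re

# Constructed snort.conf fragments (not from the original post).
CONF_MISSING = r"""
var RULE_PATH c:\snort\rules
var PREPROC_RULE_PATH c:\snort\preproc_rules
preprocessor sfportscan: proto { all } sense_level { low }
# include $PREPROC_RULE_PATH/preprocessor.rules
include $RULE_PATH/local.rules
"""
CONF_OK = CONF_MISSING.replace("# include $PREPROC", "include $PREPROC")

def active_lines(conf_text):
    """Yield config lines with comments and blank lines stripped."""
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            yield line

def resolve(path, variables):
    """Expand $NAME references using the 'var' definitions seen so far."""
    return re.sub(r"\$(\w+)", lambda m: variables.get(m.group(1), m.group(0)), path)

def check_portscan_logging(conf_text):
    """Return a list of config problems relevant to getting portscan events."""
    variables, includes, has_sfportscan = {}, [], False
    for line in active_lines(conf_text):
        parts = line.split(None, 2)
        if parts[0] in ("var", "portvar", "ipvar") and len(parts) == 3:
            variables[parts[1]] = parts[2]
        elif parts[0] == "include" and len(parts) >= 2:
            includes.append(resolve(line.split(None, 1)[1], variables))
        elif parts[0] == "preprocessor" and len(parts) >= 2 and parts[1].rstrip(":") == "sfportscan":
            has_sfportscan = True
    problems = []
    if not has_sfportscan:
        problems.append("sfportscan preprocessor is not enabled")
    # Normalise Windows separators before comparing the tail of the path.
    normalised = [p.replace("\\", "/").lower() for p in includes]
    if not any(p.endswith("preproc_rules/preprocessor.rules") for p in normalised):
        problems.append("preproc_rules/preprocessor.rules is not included")
    return problems

if __name__ == "__main__":
    for name, conf in (("missing", CONF_MISSING), ("ok", CONF_OK)):
        print(name, check_portscan_logging(conf) or "no problems found")
```

A clean result here only covers the configuration file; the "preprocessor rules" count in the startup output is still the confirmation that the rules were loaded.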



