[Snort-devel] DCERPC2 Questions

Steven Sturges steve.sturges at ...402...
Tue Sep 22 09:40:15 EDT 2009


Hi Michael--

Comments inline.

Cheers.
-steve

Michael Steele wrote:
> I posted this to the developers group and never got a response back. The
> short of it;
> 
> 1) Why is it that portscans are not being logged? The portscan.log file is
> being created. Is this a BASE problem or a Snort problem? I know the problem
> has been reported multiple times for months now, at least for Windows.

Portscan is a tricky preprocessor to configure and it depends on
Stream5 for TCP & UDP scans.  I'd investigate your portscan preprocessor
settings, as well as the configuration for BASE... You can try having
Snort log events to the console and see if you get portscan alerts
there.

We've not seen problems reported for the Linux platforms.

> 2) For the Windows user it seems that x64 is so prevalent will we be seeing
> a 64bit version of Snort soon?

There are no plans at this time to release binaries for Windows 64-bit.
Since Snort source code is readily available for each release, it is
easy to get a compiler (from Microsoft or elsewhere) for that platform
and build it.

> Kindest regards,
> Michael...




