[Snort-sigs] Portscan reporting

Antony J. Shepherd antony.s at ...1308...
Mon Feb 17 06:57:12 EST 2003


> -----Original Message-----
> From: Robert Wagner [mailto:rwagner at ...447...]
> Sent: 17 February 2003 14:19
> To: 'antony.s at ...1308...'; snort-sigs at lists.sourceforge.net
> Subject: RE: [Snort-sigs] Portscan reporting
>
>
> What are the settings for portscan in snort.conf?
>
preprocessor portscan: $DTS_NET 4 3 /var/log/snort/portscan.log

where DTS_NET is our range of IP addresses.

The reason I'm not using portscan2 is because that doesn't get picked up by
ACID which I'm using to keep track of what's going on.

Antony J. Shepherd.





More information about the Snort-sigs mailing list