[Snort-users] New to snort...what do these mean???
agent33 at ...187...
Wed Oct 11 11:36:23 EDT 2000
> >> how can i tell which port they are scanning
> This basic concept of a portscan is this: an attacker scans a
> wide range of
> ports on your computer
> to determine which ones are open. Thus there is no one port they are
> scanning. If you want to know
> what RANGE of ports they are scanning, take a look at the
> various alerts in
> That should give you some idea (replace <attacking.ip> with
> the IP address
> of the person who is scanning
Portscans picked up by the preprocessor don't log to the %logdir%/%ipaddy%.
They log to the snort.portscan file in your alert dir.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users