[Snort-users] New to snort...what do these mean???

Steve Halligan agent33 at ...187...
Wed Oct 11 11:36:23 EDT 2000


> >> how can i tell which port they are scanning
> 
> The basic concept of a portscan is this: an attacker scans a wide range of
> ports on your computer to determine which ones are open. Thus there is no
> one port they are scanning. If you want to know what RANGE of ports they
> are scanning, take a look at the various alerts in
> /var/log/snort/<attacking.ip>. That should give you some idea (replace
> <attacking.ip> with the IP address of the person who is scanning you).

Portscans picked up by the preprocessor don't log to the %logdir%/%ipaddy%.
They log to the snort.portscan file in your alert dir.