[Snort-users] nmap ack scans

Philipp Snizek mailinglists at ...1153...
Fri Apr 20 05:17:07 EDT 2001


Dear list users,

I'm now running since several days Snort 1.7 with the lastest ruleset.
Active Rulesets are:

#include local.rules
include /snortrules/exploit.rules
include /snortrules/scan.rules
include /snortrules/finger.rules
include /snortrules/ftp.rules
include /snortrules/telnet.rules
include /snortrules/smtp.rules
include /snortrules/rpc.rules
include /snortrules/rservices.rules
include /snortrules/backdoor.rules
include /snortrules/dos.rules
include /snortrules/ddos.rules
include /snortrules/dns.rules
#include /snortrules/netbios.rules
#include /snortrules/sql.rules
include /snortrules/web-cgi.rules
include /snortrules/web-coldfusion.rules
include /snortrules/web-frontpage.rules
include /snortrules/web-misc.rules
include /snortrules/web-iis.rules
include /snortrules/icmp.rules
include /snortrules/misc.rules
#include policy.rules
#include info.rules
#include virus.rules

Why are nmap ack scans not seen by snort?

Thank you
Philipp





More information about the Snort-users mailing list