[Snort-users] Portscan detection

Mads Krog-Jensen mkj at ...2090...
Wed May 23 09:56:25 EDT 2001


I have set up snort on a win2k box.

I use the rules that you can by default download from the snort website, and according to what I can read from the website, it already makes an alert when someone is portscanning me.

Anyway, I did a test with a portscan with these settings, and snort did not log anything to the alert file. 

By reading the rule files, I can see that it looks for a connection on 3 different ports within 3 seconds or something like that! I set it up to 10 seconds, but still no alert!

Anyone have any idea why it's not logging the portscan?

Any feedback would be nice.

Thanks

Keep cool

Mads Jensen
Multica International