[Snort-users] Portscan detection
mkj at ...2090...
Wed May 23 09:56:25 EDT 2001
I have set up snort on a win2k box.
I use the rules that you pr. default can download from the snort website, and according what I can read from the website it already makes an alert when someon is portscanning me.
Anyway, I did a test with a portscan with these settings, and snort did not log anything to the alert file.
By reading the rule files, I can see that it looks for a connection on 3 diffrent ports within 3 seconds or something like that! I set it up to 10 seconds, but still no alert!
Anyone have any idea why it's not loggin the portscan!
Any feedback would be nice.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users