[Snort-users] Portscan detection

Neil Dickey neil at ...1633...
Wed May 23 12:05:29 EDT 2001


"Mads Krog-Jensen" <mkj at ...2090...> wrote asking:

>I have set up snort on a win2k box.
[ ... ]
>Anyway, I did a test with a portscan with these settings, and snort
>did not log anything to the alert file. 
>
>By reading the rule files, I can see that it looks for a connection
>on 3 diffrent ports within 3 seconds or something like that! I set
>it up to 10 seconds, but still no alert!
>
>Anyone have any idea why it's not loggin the portscan!

I have seen something similar.  The portscan preprocessor is now
being re-written, and I've sent my stuff off to the fellow in charge.
He tells me it will be fixed.

Best regards,

Neil Dickey, Ph.D.
Research Associate/Sysop
Geology Department
Northern Illinois University
DeKalb, Illinois
60115




More information about the Snort-users mailing list