[Snort-users] Portscan detection
neil at ...1633...
Wed May 23 12:05:29 EDT 2001
"Mads Krog-Jensen" <mkj at ...2090...> wrote asking:
>I have set up snort on a win2k box.
[ ... ]
>Anyway, I did a test with a portscan with these settings, and snort
>did not log anything to the alert file.
>By reading the rule files, I can see that it looks for a connection
>on 3 diffrent ports within 3 seconds or something like that! I set
>it up to 10 seconds, but still no alert!
>Anyone have any idea why it's not loggin the portscan!
I have seen something similar. The portscan preprocessor is now
being re-written, and I've sent my stuff off to the fellow in charge.
He tells me it will be fixed.
Neil Dickey, Ph.D.
Northern Illinois University
More information about the Snort-users