[Snort-users] Port scanning
subba9 at ...530...
Mon Sep 17 01:58:01 EDT 2001
I am running Snort with the following command line options.
./bin/snort -l ./logs -c ./etc/snort.conf -o -b -A fast -z est -i eth0 -p -t /usr/snort -g snort -u snort
In "snort.conf" I have the following configuration,
preprocessor stream4: detect_scans
preprocessor portscan: $HOME_NET 4 3 portscan.log
Now, I dial to the Internet using another system and run a portscan on the
Snort box. All I am seeing is some ICMP "Echo Reply" logged into the "alerts"
file. There is nothing logged into "portscan.log" while the ipchains is logging
each port connect attempt into syslog.
What do I need to modify in the configuration file or on the command line
options to log the port scans?
Thank you in advance for any help.
subba9 at ...530... http://members.home.net/subba9/
OpenPGP/GPG public key ID CCB7344E
=> Time is relative. Here is a new way to look at time. <=
More information about the Snort-users