[Snort-users] Port scanning

Subba Rao subba9 at ...530...
Mon Sep 17 01:58:01 EDT 2001


I am running Snort with the following command line options.

./bin/snort -l ./logs -c ./etc/snort.conf -o -b -A fast -z est -i eth0 -p -t /usr/snort -g snort -u snort

In "snort.conf" I have the following configuration,

preprocessor stream4: detect_scans
preprocessor portscan: $HOME_NET 4 3 portscan.log

Now, I dial to the Internet using another system and run a portscan on the
Snort box. All I am seeing is some ICMP "Echo Reply" logged into the "alerts"
file. There is nothing logged into "portscan.log" while the ipchains is logging
each port connect attempt into syslog. 

What do I need to modify in the configuration file or on the command line
options to log the port scans?

Thank you in advance for any help.

-- 

Subba Rao
subba9 at ...530...                     http://members.home.net/subba9/
OpenPGP/GPG public key ID CCB7344E

 => Time is relative. Here is a new way to look at time. <=
http://www.smcinnovations.com




More information about the Snort-users mailing list