[Snort-users] Port scanning

Subba Rao subba9 at ...530...
Mon Sep 17 01:58:01 EDT 2001

I am running Snort with the following command line options.

./bin/snort -l ./logs -c ./etc/snort.conf -o -b -A fast -z est -i eth0 -p -t /usr/snort -g snort -u snort

In "snort.conf" I have the following configuration:

preprocessor stream4: detect_scans
preprocessor portscan: $HOME_NET 4 3 portscan.log

Now, I dial to the Internet using another system and run a portscan on the
Snort box. All I am seeing is some ICMP "Echo Reply" logged into the "alerts"
file. There is nothing logged into "portscan.log" while ipchains is logging
each port connect attempt into syslog.

What do I need to modify in the configuration file or on the command line
options to log the port scans?

Thank you in advance for any help.


Subba Rao
subba9 at ...530...                     http://members.home.net/subba9/
OpenPGP/GPG public key ID CCB7344E

 => Time is relative. Here is a new way to look at time. <=
