[Snort-users] Port scanning
subba9 at ...530...
Tue Sep 18 02:47:02 EDT 2001
On 0, Erek Adams <erek at ...577...> wrote:
> On Mon, 17 Sep 2001, Subba Rao wrote:
> > Now, I dial to the Internet using another system and run a portscan on the
> > Snort box. All I am seeing is some ICMP "Echo Reply" logged into the "alerts"
> > file. There is nothing logged into "portscan.log" while the ipchains is logging
> > each port connect attempt into syslog.
> Actually, a little research gives this answer:
> :) Guess I was right!
Thanks for the pointer. I thought Snort uses libpcap for capturing the packets.
On my system (with iptables), I do log all the Internet traffic using 'tcpdump'.
Obviously 'tcpdump' is capturing packets before iptables sees them.
subba9 at ...530... http://members.home.net/subba9/
OpenPGP/GPG public key ID CCB7344E
=> Time is relative. Here is a new way to look at time. <=