[Snort-users] Snort won't detect any portscan activity
alen.salamun at ...4998...
Sun Feb 17 03:36:02 EST 2002
I have been trying to get Snort up and running on my Mandrake 8.1.
Everything works OK, but Snort won't detect any kind of portscans
(nmap -sS, -sT) at all. Portscans go through; I don't block them with
iptables. I tried some other rules and they worked.
I have Mandrake 8.1 and Snort 1.8.3 precompiled from the site and even
recompiled it myself. Configuration:
var HOME_NET 192.168.1.0/24
var EXTERNAL_NET any
var SMTP $HOME_NET
var HTTP_SERVERS $HOME_NET
var SQL_SERVERS $HOME_NET
var DNS_SERVERS $HOME_NET
preprocessor stream4: detect_scans
preprocessor http_decode: 80 -unicode -cginull
preprocessor rpc_decode: 111
preprocessor bo: -nobrute
preprocessor portscan: $HOME_NET 3 5 /var/log/snort/portscan.log
and all the normal includes....
Where do I go wrong?