AW: [Snort-users] portscan traffic

Poppi, Sandro Sandro.Poppi at ...3316...
Wed Jul 31 03:42:03 EDT 2002


Eduard,

first of all you'll have to activate the portscanning preprocessor in your
snort.conf (take a look at the shipped snort.conf where good explanations
are included, or use the Snort User's Manual and the FAQs for more info on
that). Then use nmap (www.insecure.orgt/nmap) to scan systems located where
snort listens (BTW, fyodor just released nmap 3.00 a few minutes ago! If
www.insecure.org doesn't work try using the ip# in the hope dns entry is not
spoofed 8).

HTH,
Sandro
> 
> I'm running Snort+ACID+Postgresql and I'd like to know if snort is 
> dtecting portscan traffic, because I see lots of alerts, but none 
> related to portscan traffic. What should I do to test that snort is 
> detecting portscan traffic?.
> Thanks in advance
> 
> 
> 
> -------------------------------------------------------
> This sf.net email is sponsored by: Dice - The leading online job board
> for high-tech professionals. Search and apply for tech jobs today!
> http://seeker.dice.com/seeker.epl?rel_code=31
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 




More information about the Snort-users mailing list