[Snort-users] As a newbie, two questions
lele at ...5772...
Fri May 3 08:24:02 EDT 2002
I recently installed on a Linux box (Redhat 7.2) snort and acid, following
the instructions (kindly provided on
http://www.sfhn.net/whites/snort_acid-rpm.html) by Mr. Mark Johnson.
The installation went straightforward and everything seems to work. But...
1) snort seems to detect portscans from nmap only on the host where snort
runs. Is this a normal behaviour? It is not clear for me if snort should
detect portscans on all the net (or if it should not detect portscans at
2) I've not been able to verify if my snort.conf loads correctly. Is there
a way to see what rules are loaded?
Thanks to all,
"The stars are matter, we're matter. But it doesn't matter."
- Don Van Vliet -
More information about the Snort-users