[Snort-users] As a newbie, two questions

Emanuele Salvador lele at ...5772...
Fri May 3 08:24:02 EDT 2002


I recently installed on a Linux box (Redhat 7.2) snort and acid, following 
the instructions (kindly provided on 
http://www.sfhn.net/whites/snort_acid-rpm.html) by Mr. Mark Johnson.

The installation went straightforward and everything seems to work. But...

1) snort seems to detect portscans from nmap only on the host where snort 
runs. Is this a normal behaviour? It is not clear for me if snort should 
detect portscans on all the net (or if it should not detect portscans at 
all).

2) I've not been able to verify if my snort.conf loads correctly. Is there 
a way to see what rules are loaded?

Thanks to all,
Emanuele Salvador


"The stars are matter, we're matter. But it doesn't matter."

- Don Van Vliet -





More information about the Snort-users mailing list