[Snort-users] UDP Portscans Are Not Capture
gvidakis at ...7022...
Mon Sep 30 06:52:03 EDT 2002
I run Snort Version 1.8.3 (Build 88) on Linux 7.2 (2.4.17), which alerts me about the UDP portscans correctly (portscan.log, snort.fast, snort.full).
But when I run Snort Version 1.8.7 (Build 128) on Linux 7.3 (2.4.18-3) with the same snort.conf and a Snort binary file as the input (-r) (captured from 1.8.3, which had alerted me about UDP portscans), Snort 1.8.7 does not alert on the UDP portscans!!!
Below is the snort.conf which I use for the 2 sensors.
var HOME_NET any
var EXTERNAL_NET any
var SMTP_SERVERS $HOME_NET
var HTTP_SERVERS $HOME_NET
var SQL_SERVERS $HOME_NET
var HTTP_PORTS any
preprocessor stream4: detect_scans
preprocessor http_decode: 80 -unicode -cginull
preprocessor rpc_decode: 111
preprocessor portscan: $HOME_NET 4 3 portscan.log
output log_tcpdump: snort.log
output alert_full: snort_full
output alert_fast: snort_fast
Does anyone have an idea about what is wrong?