[Snort-users] Only *nix alerts?

Keg snrtlst at ...2792...
Sun Apr 6 11:28:04 EDT 2003


Snort 1.9.1 on RH8
I scan a network segment protected with Snort using Nessus. I actually 
have scanned only 2 boxes on that network - one Linux box and one NT box.
The alerts I see in Snort are almost all unix-related, namely: squid 
proxy attempt, scan proxy attempt 8080, tftp get password, snmp get 
alerts, ASF access, amanda version request, DDOS mstream, xdmp query, 
samba client access, etc.
I don't see any windows-related alerts, which should be produced in tons 
by nessus scanning, because it runs a lot of windows-related test vuln 
scripts.
Question:
1. Why don't I see windows-related alerts, any ideas?
2. Generally speaking, nessus runs more than 1000 different scripts for 
vuln tests, should I see a similar number of UNIQUE alerts in snort? 
In my understanding, snort should be aware of most attack attempts or 
queries nessus produces...

Thanks.