[Snort-users] Only *nix alerts?
snrtlst at ...2792...
Sun Apr 6 11:28:04 EDT 2003
Snort 1.9.1 on RH8
I scan network segment protected with Snort using Nessus. I actually
have scanned only 2 boxes on that network - one Linux box and one NT box.
The alerts I see in Snort are almost all unix-related-namely: squid
proxy attempt, scan proxy attempt 8080, tftp get password, snmp get
alerts, ASF access, amanda version request, DDOS mstream, xdmp query,
samba client access, etc
I don't see any windows-related alerts, which should be produced in tons
by nessus scanning., cause it runs a lot of windows-related test vuln
1. Why I don't see windows-related alerts, any ideas?
2. Generally speaking, nessus runs more than 1000 different scripts for
vuln tests, should I see the similar number of UNIQUE alerts in snort?
In my understanding, snort should be aware of the most atack attemts or
queries nessus produces...
Your favorite stores, helpful shopping tools and great gift ideas.
Experience the convenience of buying online with Shop at ...2793...!
More information about the Snort-users