[Snort-users] Only *nix alerts?

Keg snrtlst at ...2792...
Sun Apr 6 11:28:04 EDT 2003

Snort 1.9.1 on RH8
I scan network segment protected with Snort using Nessus. I actually 
have scanned only 2 boxes on that network - one Linux box and one NT box.
The alerts I see in Snort are almost all unix-related-namely: squid 
proxy attempt, scan proxy attempt 8080, tftp get password, snmp get 
alerts, ASF access, amanda version request, DDOS mstream, xdmp query, 
samba client access, etc
I don't see any windows-related alerts, which should be produced in tons 
by nessus scanning., cause it runs a lot of windows-related test vuln 
1. Why I don't see windows-related alerts, any ideas?
2. Generally speaking, nessus runs more than 1000 different scripts for 
vuln tests, should I see the similar number of UNIQUE alerts in snort? 
In my understanding, snort should be aware of the most atack attemts or 
queries nessus produces...

Your favorite stores, helpful shopping tools and great gift ideas. 
Experience the convenience of buying online with Shop at ...2793...! 

More information about the Snort-users mailing list