[Snort-users] Snort not seeing all traffic?

Erick Mechler emechler at ...7719...
Thu Apr 24 21:59:04 EDT 2003


:: Ok, following what you said, I looked for the preprocessor lines in my 
:: config and saw nothing for portscan2, I created the preprocessor, though I 
:: was wondering if I should leave all the values blank?

Check the Manual at snort.org/docs/.  It's your friend.

:: Also, I checked the rules and noted that the ones I was concerned about 
:: (cmd.exe ...) are activated...why would Snort not see this type of attack 
:: (my guess is several reasons, all that are beyond my education level at 
:: this moment I fear)?

...and all are mere guesses on my part as well since I'm working with
limited information :)  If you recently enabled them, did you restart snort
after doing so?  Are your $HOME_NET, $EXTERNAL_NET and $HTTP_PORTS set
properly in your snort.conf?  Does snort trigger on other web.iis rules?  

Cheers - Erick



