[Snort-users] Snort not seeing all traffic?
emechler at ...7719...
Thu Apr 24 21:59:04 EDT 2003
:: Ok, following what you said, I looked for the preprocessor lines in my
:: config and saw nothing for portscan2, I created the preprocessor, though I
:: was wondering if I should leave all the values blank?
Check the Manual at snort.org/docs/. It's your friend.
:: Also, I checked the rules and noted that the ones I was concerned about
:: (cmd.exe ...) are activated...why would Snort not see this type of attack
:: (my guess is several reasons, all that are beyond my education level at
:: this moment I fear)?
...and all are mere guesses on my part as well since I'm working with
limited information :) If you recently enabled them, did you restart snort
after doing so? Are your $HOME_NET, $EXTERNAL_NET and $HTTP_PORTS set
properly in your snort.conf? Does snort trigger on other web.iis rules?
Cheers - Erick
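
The variable check suggested in the reply above, as an added example that is not part of the original message: it evaluates a rule header against a packet's addresses and ports to show how a mis-set $HOME_NET, $EXTERNAL_NET or $HTTP_PORTS keeps a rule from ever firing. The snort.conf fragment, the rule header and the IP addresses are constructed for illustration, and only the `var` syntax with single CIDRs, simple lists, ports and `!` negation is handled.

```python
import ipaddress
import re

# Constructed snort.conf fragment (not from the thread): HOME_NET names the wrong subnet.
SAMPLE_CONF = """
var HOME_NET 192.168.1.0/24
var EXTERNAL_NET !$HOME_NET
var HTTP_PORTS 80
"""
# Constructed rule header using the three variables named in the reply.
RULE_HEADER = "alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS"

def parse_vars(conf):
    """Collect 'var NAME value' definitions from snort.conf text."""
    return dict(re.findall(r"^[ \t]*var[ \t]+(\S+)[ \t]+(\S+)", conf, re.M))

def addr_matches(ip, spec, variables):
    """True if ip falls inside spec: 'any', a CIDR, a [a,b] list, $VAR or !spec."""
    if spec.startswith("!"):
        return not addr_matches(ip, spec[1:], variables)
    if spec.startswith("$"):
        return addr_matches(ip, variables[spec[1:]], variables)
    if spec == "any":
        return True
    nets = spec.strip("[]").split(",")
    return any(ipaddress.ip_address(ip) in ipaddress.ip_network(n, strict=False) for n in nets)

def port_matches(port, spec, variables):
    """True if port falls inside spec: 'any', N, lo:hi, $VAR or !spec."""
    if spec.startswith("!"):
        return not port_matches(port, spec[1:], variables)
    if spec.startswith("$"):
        return port_matches(port, variables[spec[1:]], variables)
    if spec == "any":
        return True
    lo, sep, hi = spec.partition(":")
    if not sep:
        hi = lo
    return int(lo or 0) <= port <= int(hi or 65535)

def header_matches(header, src, sport, dst, dport, variables):
    """Would a packet with this 4-tuple even reach the rule's content checks?"""
    _act, _proto, s_addr, s_port, _dir, d_addr, d_port = header.split()
    return (addr_matches(src, s_addr, variables) and port_matches(sport, s_port, variables)
            and addr_matches(dst, d_addr, variables) and port_matches(dport, d_port, variables))

if __name__ == "__main__":
    conf = parse_vars(SAMPLE_CONF)
    # Constructed case: the web server is at 10.0.0.5, outside the configured HOME_NET.
    print(header_matches(RULE_HEADER, "203.0.113.9", 40000, "10.0.0.5", 80, conf))
    conf["HOME_NET"] = "10.0.0.0/24"
    print(header_matches(RULE_HEADER, "203.0.113.9", 40000, "10.0.0.5", 80, conf))
```

With EXTERNAL_NET defined as !$HOME_NET, a request that originates inside HOME_NET also fails the header match, which is worth ruling out when testing from a machine on the same network as the web server.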