[Snort-users] Eagle X v2.0

Ueli Kistler iuk at ...1171...
Tue Jun 17 10:25:11 EDT 2003


- open IDScenter by double-clicking on the icon (btw if an alert occurs 
you can double-click and the viewer is opened)
- Go to "Wizards"->"Preprocessors"
- Open the "Portscan detection" tab
- Try to modifiy the settings "Timeout" and "Ports" ... ex. Timeout = 45 
and Ports = 28

The problem is that the threshold values depend very much on how you are 
surfing / how much traffic is transfered on your network.

    Ueli Kistler
    u.kistler at ...9170...
    www.engagesecurity.com (btw this is not a company)


cristal_ball at ...2470... wrote:

>i installed eagle to try
>i like it
>very easy
>my problem is i get lots of this alerts :
> #0-(3-91)        [snort] (spp_portscan2) Portscan detected from 6 targets 6 ports in 18 seconds
> i know they are false positive and try to understand the rule but
> cant even find it :( shame on me
> can any one help
>UK> Hello
>UK> Eagle X v2.0, a pre-configured IDS system for Windows platform, is out 
>This SF.Net email is sponsored by: INetU
>Attention Web Developers & Consultants: Become An INetU Hosting Partner.
>Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission!
>INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php
>Snort-users mailing list
>Snort-users at lists.sourceforge.net
>Go to this URL to change user options or unsubscribe:
>Snort-users list archive:

More information about the Snort-users mailing list