[Snort-users] Eagle X v2.0

Ueli Kistler iuk at ...1171...
Tue Jun 17 10:25:11 EDT 2003


Hi

- open IDScenter by double-clicking on the icon (btw if an alert occurs 
you can double-click and the viewer is opened)
- Go to "Wizards"->"Preprocessors"
- Open the "Portscan detection" tab
- Try to modify the settings "Timeout" and "Ports" ... ex. Timeout = 45 
and Ports = 28

The problem is that the threshold values depend very much on how you are 
surfing / how much traffic is transferred on your network.

Regards,
    Ueli Kistler
    u.kistler at ...9170...
    www.engagesecurity.com (btw this is not a company)

--

cristal_ball at ...2470... wrote:

>I installed Eagle to try
>I like it
>very easy
>
>my problem is I get lots of these alerts:
>
> #0-(3-91)        [snort] (spp_portscan2) Portscan detected from 192.168.0.25: 6 targets 6 ports in 18 seconds
>
> I know they are false positives and try to understand the rule but
> can't even find it :( shame on me
>
> can anyone help
>
>
>UK> Hello
>UK> Eagle X v2.0, a pre-configured IDS system for Windows platform, is out 
>
>
>






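Added example (not part of the original thread, and not Snort or IDScenter code): a simplified Python model of a "distinct ports within Timeout seconds" threshold, run over constructed traffic, to show why the quoted alert fires on ordinary use at a low setting and stops at Timeout = 45, Ports = 28. The sliding-window logic, the low setting (60 s, 6 ports) and every address except 192.168.0.25 are assumptions; the real spp_portscan2 preprocessor may count differently.

```python
from collections import defaultdict, deque


def peak_ports(events, timeout):
    """Per source: the most distinct destination ports seen in any
    sliding window of `timeout` seconds (simplified model)."""
    windows = defaultdict(deque)   # src -> (ts, dport) pairs still in window
    peak = defaultdict(int)
    for ts, src, _dst, dport in sorted(events):
        win = windows[src]
        win.append((ts, dport))
        while ts - win[0][0] > timeout:   # drop entries older than the window
            win.popleft()
        peak[src] = max(peak[src], len({p for _, p in win}))
    return dict(peak)


def flagged(events, timeout, ports):
    """Sources that would alert with the given Timeout / Ports settings."""
    return sorted(s for s, n in peak_ports(events, timeout).items() if n >= ports)


# Constructed sample traffic, as (timestamp, src, dst, dport).
# Workstation from the quoted alert: 6 targets, 6 ports in 18 seconds.
BROWSING = [
    (t, "192.168.0.25", f"203.0.113.{i}", p)
    for i, (t, p) in enumerate(
        [(0, 80), (3, 443), (7, 53), (10, 110), (14, 25), (18, 21)], 1)
]
# Constructed sweep: one host touching 40 ports on one target in 20 seconds.
SWEEP = [(i * 0.5, "192.168.0.99", "203.0.113.50", 1 + i) for i in range(40)]
EVENTS = BROWSING + SWEEP

if __name__ == "__main__":
    print("peak distinct ports per source:", peak_ports(EVENTS, 45))
    print("low setting (60 s, 6 ports):   ", flagged(EVENTS, 60, 6))
    print("suggested (45 s, 28 ports):    ", flagged(EVENTS, 45, 28))
```

Running `peak_ports` over a capture of normal traffic gives the per-host baseline that the "Ports" value has to sit above, which is the traffic dependence described in the reply.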