[Snort-users] Flow-portscan oddity

Guillaume Arcas guillaume.arcas at ...953...
Mon Apr 12 23:33:08 EDT 2004


Kreimendahl, Chad J a dit :
>
> Using the default configuration for flow and flow portscan... And
> testing it on an external interface... We're seeing absolutely no alerts
> triggered.  I've attempted using many output mechanisms, hoping that it
> wasn't the method we were using, and the results are the same.   I'm
> 100% positive there were several scans happening on this same interface,
> as I ran portscan2 at the same time with a different snort, on the same
> interface.   Many noisy ugly alerts from portscan2... Nothing from
> flow-portscan.

Same for me...

Is there anywhere out of the code itself some documentation about this
plugin and its configuration ?


-- 
Guillaume Arcas

--------------------------------------------------
Il faut nous quitter. Nous sommes deux enfants,
nous avons fait une folie. (Yvonne de Galais)




More information about the Snort-users mailing list