[Snort-users] Flow-portscan oddity

Martin Roesch roesch at ...1935...
Tue Apr 13 06:56:12 EDT 2004


Check out README.flow-portscan in the doc directory of your snort 
distro.

      -Marty

On Apr 13, 2004, at 2:31 AM, Guillaume Arcas wrote:

> Kreimendahl, Chad J wrote:
>>
>> Using the default configuration for flow and flow portscan... And
>> testing it on an external interface... We're seeing absolutely no alerts
>> triggered.  I've attempted using many output mechanisms, hoping that it
>> wasn't the method we were using, and the results are the same.   I'm
>> 100% positive there were several scans happening on this same interface,
>> as I ran portscan2 at the same time with a different snort, on the same
>> interface.   Many noisy ugly alerts from portscan2... Nothing from
>> flow-portscan.
>
> Same for me...
>
> Is there any documentation about this plugin and its configuration
> anywhere outside of the code itself?
>
>
> -- 
> Guillaume Arcas
>
> --------------------------------------------------
> We must part. We are two children,
> we have done something foolish. (Yvonne de Galais)
>
>
-- 
Martin Roesch - Founder/CTO, Sourcefire Inc. - (410)290-1616
Sourcefire: Intelligent Security Monitoring
roesch at ...1935... - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org




