[Snort-users] Snort-2.1.3 Portscan

Scott Elgram SElgram at ...10477...
Mon Aug 16 08:46:09 EDT 2004


Hello,
    I am trying to configure a Snort 2.1.3 system with MySQL and ACID.  I
have it all up and running just fine right now except for one thing.  I
can't seem to get anything to register in the port scan traffic section of
ACID.  I have looked through my Snort.conf for anything and found the
flow-portscan preprocessor.  I uncommented it and configured it as follows:
--------------------------------------------------------
preprocessor flow-portscan: \
unique-memcap 5000000 \
unique-rows 50000 \
server-watchnet [192.168.0.0/24] \
server-learning-time 300 \
server-scanner-limit 50 \
alert-mode once \
output-mode msg \
tcp-penalties on
--------------------------------------------------------

    Even with this configuration I still can't seem to get anything to
register in that particular section.  I am using SuperScan and scanning
various IPs on the network Snort is watching.  Have I configured this wrong
maybe?

Thanks,
-Scott





