[Snort-users] no portscan traffic

Adam Denenberg straightflush at ...11827...
Wed Jul 21 10:45:06 EDT 2004


I have flow-portscan2 enabled in snort.conf, but no portscan traffic is
showing up in ACID. Here are my plugins.

Any ideas?

[root at ...9745... docs]# grep preprocessor /etc/snort/snort.conf

preprocessor frag2:  timeout 35, memcap 4194304, min_ttl 3, ttl_limit 8
preprocessor stream4: detect_scans, timeout 35, memcap 32000000, min_ttl 3, 
preprocessor stream4_reassemble: both, ports all
preprocessor http_inspect: global proxy_alert iis_unicode_map 
preprocessor http_inspect_server: server default profile all ports { 80 443 } 
preprocessor http_inspect_server: server 207.241.152.130  bare_byte no
preprocessor http_inspect_server: server 207.241.153.143  bare_byte no
preprocessor http_inspect_server: server 207.241.152.242  bare_byte no
preprocessor http_inspect_server: server 207.241.152.249  bare_byte no
preprocessor flow: stats_interval 0 hash 2
preprocessor flow-portscan: \
preprocessor rpc_decode: 111 32771
#preprocessor bo
preprocessor telnet_decode
#preprocessor arpspoof
#preprocessor arpspoof_detect_host: 192.168.40.1 f0:0f:00:f0:0f:00


Thanks,
Adam



