[Snort-users] not seeing Flow-Portscan messages

Larry Wichman larrywichman at ...131...
Wed Oct 20 08:58:48 EDT 2004


I have enabled the Flow-Portscan module but I do not
see scans in my MySQL db. I do have the portscan
preprocessor running and sending alerts to a flat file.
So, I know I am getting scanned. 

preprocessor flow-portscan: \
      talker-sliding-scale-factor 0.50 \
      talker-fixed-threshold 30 \
      talker-sliding-threshold 30 \
      talker-sliding-window 20 \
      talker-fixed-window 30 \
      scoreboard-rows-talker 30000 \
      server-watchnet [x.x.x.x/xx,x.x.x.x./xx \
      server-ignore-limit 200 \
      server-rows 65535 \
      server-learning-time 7200 \
      server-scanner-limit 4 \
      scanner-sliding-window 20 \
      scanner-sliding-scale-factor 0.50 \
      scanner-fixed-threshold 15 \
      scanner-sliding-threshold 40 \
      scanner-fixed-window 15 \
      scoreboard-rows-scanner 30000 \
#     src-ignore-net [192.168.1.1/32,192.168.0.0/24] \
#     dst-ignore-net [10.0.0.0/30] \
      alert-mode once \
      output-mode msg \
      tcp-penalties on

 

 




		



