[Snort-users] Snort rules

sEc nErD umkcguy1978 at ...131...
Tue Feb 8 12:18:54 EST 2005

I ahve a question for security admins here.

Our client performed an internal port scan using super scan on their internal network.When i say internal network i mean private network LAN.

Our snort sensor didnt catch any of it the whole port scan and aftre doing some diggging i saw the scan.rules file and saw that it is checking all inbound 

port scans like $external any-->$Home Network 

Now the client is questioning us as to why this should not be checked both ways..he is saying if it is somebody in their network doing a port scan it will go unnoticed.

can anybody answer this?


Do you Yahoo!?
 Yahoo! Mail - 250MB free storage. Do more. Manage less.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20050208/3e50a74e/attachment.html>

More information about the Snort-users mailing list