[Snort-users] -S switch not always followed?

Michael Scheidell scheidell at ...5171...
Mon Mar 13 10:54:01 EST 2006


Tcpdump shows 'nessus_tcp_scanner' scanning ports and using source ip
not listed in -S switch.

Nessus 2.2.7, FBSD 4.11.

Nessus startup  nessus -a 127.0.0.1 -S 1.1.1.64,1.1.1.65 -D

REAL ip address 1.1.1.133 
.64 and .65 are pingable aliases

Nessus.rc: built by deseleting all, selecting only nessus_tcp_scanner
and ping scan.

Under prefs, select tcp ping (built-in) and icmp scan (q 6)

Tcpdump shows icmp's being 'sourced' with .64,65, but shows portscanner
sourced at .133.






More information about the Snort-users mailing list