[Snort-users] Snort- on FC6 fail to log Nmap TCP portscans.

Justin Heath justin.heath at ...11827...
Mon Oct 30 13:22:49 EST 2006

What does you sf_portscan config look like?

On 10/30/06, Daniel <saragon at ...5693...> wrote:
> As the subject hints, I have some problems catching portscans with snort
> on the latest fedora release. I've tried using snort-mysql and
> snort-bloat from fedora-extras as well as compiling from source and none
> of them log portscans for some reason.
> I'm using the default config for snort. I've tried the default config
> for sfportscan. I've tried changing the sfportscan sense_level to high.
> I've tried adding scan_type { all }.
> So, what am I missing here? Why won't it log Nmap portscans when I hit
> it with 'nmap -sS/sT/sA/sN/sF snort-host' from a host on the same
> network? If I scan the snort machine with nessus from the same host, it
> catches the UDP port scan:
> <snip>
> 10/30-09:14:49.310164  [**] [122:17:0] (portscan) UDP Portscan [**]
> {PROTO255} ->
> </snip>
> Any help would be greatly appreciated.
> Best regards /d'.
> -------------------------------------------------------------------------
> Using Tomcat but need to do more? Need to support web services, security?
> Get stuff done quickly with pre-integrated technology to make your job
> easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20061030/69f47f00/attachment.html>

More information about the Snort-users mailing list