[Snort-users] Missing Portscanners in 2.8 - Flow-Portscan vs stream5

frederick sonnichsen fsonnichsen at ...315...
Mon Mar 24 15:22:17 EDT 2008


I have converted from 2.3.3 to 2.8.0.2.
Running both versions now, the newer version detects fewer portscans and 
sweeps. I started looking into the preprocessors:

Per the doc, stream5 replaces stream4, and also the flow preprocessors.
However, due to the missing detection I decided to add back the 
Flow-Portscan. When I do this I get the following message at snort startup:
      FATAL ERROR: /etc/snort/snort.conf(806) flow-portscan requires spp_flow to be enabled!

I cannot find anything about the option spp_flow or how to turn it on.
Any ideas?
Thanks
Fritz




