[Snort-users] Missing Portscanners in 2.8 - Flow-Portscan vs stream5
fsonnichsen at ...315...
Mon Mar 24 15:22:17 EDT 2008
I have converted from 2.3.3 to 188.8.131.52.
Running both versions now, the newer version detects fewer portscans and
sweeps. I started looking into the preprocessors:
Per the doc, stream5 replaces stream4, and also the flow preprocessors.
However, due to the missing detection I decided to add back the
Flow-Portscan. When I do this I get the following message at snort startup:
FATAL ERROR: /etc/snort/snort.conf(806) flow-portscan requires
spp_flow to be enabled!
I cannot find anything about the option spp_flow or how to turn it on.