[Snort-users] sfPortScan - Snort

Tim Clarkson timothyclarkson at ...125...
Mon Dec 21 06:05:17 EST 2009

Hi there everyone,
I have snort up and running thanks to everything I have read here.  I now have a problem with the sfPortScan part of the configuration.
sfPortscan is creating a log file and detecting the portscan activity (some times), I am using nmap from another machine to generate the scan activity. The main issue I have is it does not generate an alert but only writes to the log file.


If someone could point me in the right direction it would be appreciated.
Tim Clarkson

P.S. is sfPortScan a bit flaky on the detection, even set to high it is not getting all the activity. 


View photos of singles in your area. Click here 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20091222/fd863725/attachment.html>

More information about the Snort-users mailing list