[Snort-users] Snort-users Digest, Vol 75, Issue 15

Dang Le Nam lenam.cntp at ...11827...
Mon Aug 13 09:51:49 EDT 2012


Message 3: 

hi experts, I'd like to use portscan preprocessor for detect nmap scan, But it' can't works, could you give me some hint? many thx! 
please see snort.conf as attached, I'm not sure how to do let portscan works for now!

 

 

I guess you use snort more 2.9.x. Please open “#”  line:  617,618 and try it 

###################################################

    612 # Step #8: Customize your preprocessor and decoder alerts

    613 # For more information, see README.decoder_preproc_rules

   614 ###################################################

    615 

    616 # decoder and preprocessor event rules

    617  include $PREPROC_RULE_PATH/preprocessor.rules

    618  include $PREPROC_RULE_PATH/decoder.rules

    619 # include $PREPROC_RULE_PATH/sensitive-data.rules

 

--------------------

Đặng Lê Nam

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20120813/54e33f3f/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.emz
Type: application/octet-stream
Size: 2566 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20120813/54e33f3f/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.png
Type: application/octet-stream
Size: 5804 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20120813/54e33f3f/attachment-0001.obj>


More information about the Snort-users mailing list