[Snort-users] snort suddenly stopped to record events

waldo kitty wkitty42 at ...14940...
Fri Jul 26 14:48:53 EDT 2013


On 7/26/2013 10:18, Alex wrote:
> So, what should be commented out in snort.conf or what rules should be
> activated in order to make snort able to detect and identify such network
> scan?

check nmap for what those options generate as packets... then you'll have to 
find or write rules to detect those packets... they may exist already and be 
disabled... i don't know... i had to specifically disable some ICMP rules in my 
locations to turn off alerts from them but i think they were from a different 
supplier... you might also want to use the community rules if you are not 
already... they might have related scan type rules...

-- 
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.




More information about the Snort-users mailing list