[Snort-users] Snort only produces Steam5 alerts

Joe Seanor joseph.seanor at ...11827...
Fri Sep 27 16:24:09 EDT 2013


I have a new install of snort:

   ,,_     -*> Snort! <*-
  o"  )~   Version 2.9.3.1 IPv6 GRE (Build 40)
   ''''    By Martin Roesch & The Snort Team:
http://www.snort.org/snort/snort-team
           Copyright (C) 1998-2012 Sourcefire, Inc., et al.
           Using libpcap version 1.4.0
           Using PCRE version: 8.30 2012-02-04
           Using ZLIB version: 1.2.7


And it has run for a full 24 hours, and the only alert (50 of them) that I
have is stream5: Reset outside window.  I even ran an external Nmap scan,
and I received a "Portscan alert" and then everything else showed up as a
stream5 alert.

What did I miss in my configuration?

Joe
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20130927/52799f3c/attachment.html>


More information about the Snort-users mailing list