<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="IncrediMail 1.0" name=GENERATOR>
</HEAD>
<BODY style="BACKGROUND-POSITION: 0px 0px; FONT-SIZE: 12pt; MARGIN: 5px 10px 10px; FONT-FAMILY: Arial" bgColor=#ffffff background="" scroll=yes ORGYPOS="0" X-FVER="3.0">
<TABLE id=INCREDIMAINTABLE cellSpacing=0 cellPadding=2 width="100%" border=0>
<TBODY>
<TR>
<TD id=INCREDITEXTREGION style="FONT-SIZE: 12pt; CURSOR: auto; FONT-FAMILY: Arial" width="100%">
<TABLE id=INCREDIMAINTABLE cellSpacing=0 cellPadding=2 width="100%" border=0>
<TBODY>
<TR>
<TD id=INCREDITEXTREGION style="FONT-SIZE: 12pt; CURSOR: auto; FONT-FAMILY: Arial" width="100%">
<DIV>I recently configured Snort... As a newbie I don't know all the ins and outs, and maybe I didn't get the whole IDS story.</DIV>
<DIV>I'm portscanning myself crazy, but I can't see anything in the logs. They stay empty all the time.</DIV>
<DIV> </DIV>
<DIV>Any ideas? (I use iptables on the Linux server.)</DIV>
<DIV> </DIV>
<DIV><STRONG>Starting with:</STRONG></DIV>
<DIV> </DIV>
<PRE>snort -v -c /etc/snort.conf -D -i eth0</PRE>
<DIV> </DIV>
<DIV><STRONG>snort.conf</STRONG></DIV>
<DIV> </DIV>
<PRE>var HOME_NET 192.168.0.1/24
var EXTERNAL_NET any
var SMTP $HOME_NET
var RULE_PATH /root/Snort_Rules

preprocessor frag2
preprocessor stream4: detect_scans
preprocessor stream4_reassemble
preprocessor portscan: $HOME_NET 4 3 portscan.log

include $RULE_PATH/bad-traffic.rules
include $RULE_PATH/exploit.rules
include $RULE_PATH/scan.rules
include $RULE_PATH/finger.rules
include $RULE_PATH/ftp.rules
include $RULE_PATH/icmp-info.rules
include $RULE_PATH/imap.rules
include $RULE_PATH/info.rules
include $RULE_PATH/local.rules
include $RULE_PATH/misc.rules
include $RULE_PATH/multimedia.rules
include $RULE_PATH/mysql.rules
include $RULE_PATH/netbios.rules
include $RULE_PATH/nntp.rules
include $RULE_PATH/oracle.rules
include $RULE_PATH/other-ids.rules
include $RULE_PATH/p2p.rules
include $RULE_PATH/policy.rules
include $RULE_PATH/pop2.rules
include $RULE_PATH/pop3.rules
include $RULE_PATH/porn.rules
include $RULE_PATH/rpc.rules
include $RULE_PATH/rservices.rules
include $RULE_PATH/scan.rules
include $RULE_PATH/shellcode.rules
include $RULE_PATH/smtp.rules
include $RULE_PATH/snmp.rules
include $RULE_PATH/sql.rules
include $RULE_PATH/telnet.rules
include $RULE_PATH/tftp.rules
include $RULE_PATH/virus.rules
include $RULE_PATH/web-attacks.rules
include $RULE_PATH/web-cgi.rules
include $RULE_PATH/attack-responses.rules
include $RULE_PATH/backdoor.rules
include $RULE_PATH/chat.rules
include $RULE_PATH/classification.rules
include $RULE_PATH/ddos.rules
include $RULE_PATH/deleted.rules
include $RULE_PATH/dns.rules
include $RULE_PATH/dos.rules
</PRE></TD></TR>
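<TR>
<TD style="FONT-SIZE: 12pt; CURSOR: auto; FONT-FAMILY: Arial" width="100%">
<DIV>The following is an added example, not code from the post above or from the Snort project. It parses the snort.conf syntax quoted in the post (var, preprocessor and include lines, with $VAR expansion) and reports the things a reviewer would look at first when a sensor seems silent: a HOME_NET with host bits set, a rules file included twice, what the spp_portscan line actually asks for, and a command line that combines -v with -D or omits -l. The sample config and command line embedded in the script are a constructed subset of what the post shows; the script assumes Snort 2 behaviour (-D detaches from the terminal, -v writes decoded packets to stdout, -l defaults to /var/log/snort) and treats a relative portscan log name as relative to that log directory, which is an assumption rather than something the post states.</DIV>
<DIV> </DIV>

```python
"""Sanity checks for a Snort 2.x config and its start-up command line.

Added example, not part of the original post. SAMPLE_CMDLINE and SAMPLE_CONF
are constructed from the lines quoted in the post so the script runs offline.
Assumptions: Snort 2 semantics for -D, -v and -l, and that a relative
portscan log file name is resolved against the log directory.
"""
import ipaddress
import re
import shlex
from collections import Counter

# Constructed sample input: the command line and a subset of the config lines
# quoted in the post (scan.rules is included twice there as well).
SAMPLE_CMDLINE = "snort -v -c /etc/snort.conf -D -i eth0"
SAMPLE_CONF = """\
var HOME_NET 192.168.0.1/24
var EXTERNAL_NET any
var SMTP $HOME_NET
var RULE_PATH /root/Snort_Rules
preprocessor frag2
preprocessor stream4: detect_scans
preprocessor stream4_reassemble
preprocessor portscan: $HOME_NET 4 3 portscan.log
include $RULE_PATH/bad-traffic.rules
include $RULE_PATH/scan.rules
include $RULE_PATH/local.rules
include $RULE_PATH/scan.rules
"""


def expand(value, variables):
    """Replace $NAME references with earlier 'var' definitions; unknown names stay literal."""
    return re.sub(r"\$(\w+)", lambda m: variables.get(m.group(1), m.group(0)), value)


def parse_conf(text):
    """Return (variables, preprocessors, includes) from snort.conf-style lines."""
    variables, preprocessors, includes = {}, {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        keyword, _, rest = line.partition(" ")
        rest = expand(rest.strip(), variables)
        if keyword == "var":
            name, _, value = rest.partition(" ")
            variables[name] = value.strip()
        elif keyword == "preprocessor":
            name, _, args = rest.partition(":")
            preprocessors[name.strip()] = args.strip()
        elif keyword == "include":
            includes.append(rest)
    return variables, preprocessors, includes


def check_conf(text):
    """Return human-readable findings for the configuration text."""
    findings = []
    variables, preprocessors, includes = parse_conf(text)
    home = variables.get("HOME_NET", "any")
    if home != "any":
        net = ipaddress.ip_network(home, strict=False)
        if str(net) != home:
            findings.append(f"HOME_NET {home} has host bits set; the network is {net}")
    for path, count in Counter(includes).items():
        if count > 1:
            findings.append(f"{path} is included {count} times; its rules load repeatedly")
    args = preprocessors.get("portscan", "").split()
    if len(args) == 4:  # spp_portscan: <network> <ports> <seconds> <logfile>
        findings.append(
            f"portscan alerts after {args[1]} ports in {args[2]} s and writes "
            f"{args[3]} (relative to the log directory unless absolute)"
        )
    return findings


def check_cmdline(cmdline):
    """Return findings about flags that commonly hide Snort's output."""
    findings = []
    argv = shlex.split(cmdline)
    if "-D" in argv and "-v" in argv:
        findings.append("-v writes packets to stdout, but -D detaches from the terminal, so that output is lost")
    if "-l" not in argv:
        findings.append("no -l given; alerts and logs go to the default /var/log/snort")
    return findings


if __name__ == "__main__":
    for finding in check_conf(SAMPLE_CONF) + check_cmdline(SAMPLE_CMDLINE):
        print("-", finding)
```

<DIV>Run it as is to see the findings for the quoted config, or point check_conf at a real file's contents. One further check the script cannot make from the config alone: packets a Linux host sends to its own address travel over the loopback interface, not eth0, so an instance started with -i eth0 will not see a scan launched from the sensor itself against its own IP; scanning from another machine on the 192.168.0.0/24 segment is the cleaner test.</DIV></TD></TR>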
</TBODY></TABLE></TD></TR>
</TBODY></TABLE></BODY></HTML>