This is a discussion on [Snort-users] Re: [Snort-devel] portscan events not showing up in base within the Snort forums, part of the System Security and Security Related category.
Oh, looks like this is for flow-portscan, which I'm not using.
Maybe I should? How does it compare to sfportscan and portscan2 in people's experience?

--
John

On Tue, May 23, 2006 at 11:53:32AM -0500, John Newman wrote:
> I'm not familiar with this option, or even where this option would go...
> could you give me more info?
>
> thanks!
>
> --
> John
>
> On Tue, May 23, 2006 at 12:08:41PM -0400, Eric Lauzon wrote:
> > Do you use
> > the option:
> > output-mode pktkludge
> > ??
> >
> > Eric Lauzon
> > [Research & Development]
> > Above Sécurité / Above Security
> > Tel : (450) 430-8166
> > Fax : (450) 430-1858
> >
> > ---------------------------------------
> > "Premature optimization is the root of all
> > evil (or at least most of it) in programming."
> > - Donald Knuth
> >
> > > -----Original Message-----
> > > From: snort-devel-admin@lists.sourceforge.net
> > > [mailto:snort-devel-admin@lists.sourceforge.net] On Behalf Of
> > > John Newman
> > > Sent: 23 May 2006 12:06
> > > To: snort-users@lists.sourceforge.net;
> > > snort-devel@lists.sourceforge.net
> > > Subject: [Snort-devel] portscan events not showing up in base
> > >
> > > Hello,
> > >
> > > I'm using snort 2.4.4 but not sfportscan, rather the older
> > > portscan and portscan2 modules. I've just realized that, although
> > > portscans are being detected just fine, they aren't being
> > > propagated through barnyard into the base database.
> > >
> > > e.g.
> > >
> > > select * from acid_event where sig_name like '%portscan%' and
> > > timestamp > '2006-05-01 00:00:00';
> > >
> > > returns nothing
> > >
> > > If I change the date portion to sometime last month, before I switched
> > > from sfportscan, I get all sorts of results. Does anyone have any clue
> > > what might be causing this?
> > >
> > > thanks,
> > >
> > > --
> > > John Newman
> > > Systems Administrator, WebXess Inc.
>
> --
> John Newman
> Systems Administrator, WebXess Inc.

--
John Newman
Systems Administrator, WebXess Inc.