snort don't log port scans
i use nmap to test snort
but snort only work when i make this command
nmap -sV 192.168.1.1 the alert that i get is :
[**] [1:1418:11] SNMP request tcp [**]
[Classification: Attempted Information Leak] [Priority: 2]
11/30-20:18:47.117426 192.168.1.55:58833 -> 192.168.1.1:179
TCP TTL:51 TOS:0x0 ID:64659 IpLen:20 DgmLen:44
if you look at the port from 192.168.1.55 is port is 58833 only heigh ports who come from my pc are record as alert;
when i made commands like -sT and -sY he dint record nothing
how i can configure my snort.conf that will recorded ports scans ?
|