LinuxQuestions.org


Pcghost 04-19-2004 12:38 PM

snort logging all outbound traffic as port-scan?
 
EDIT: After further digging, it occurs to me that configuring Snort is more like configuring Iptables than configuring Squid. I am going to have to write a conf file from scratch to fit our needs, as modifying the default snort.conf file is hopeless. God I hope it doesn't take as long as learning iptables scripting. :D


Revised Question:

If I use the preprocessor flow_portscan for detection of portscans, do I still need preprocessor portscan? Or does the former replace the latter in terms of functionality?

unSpawn 04-20-2004 01:45 AM

> If I use the preprocessor flow_portscan for detection of portscans, do I still need preprocessor portscan? Or does the former replace the latter in terms of functionality?

IIRC in Snort-2.1.x conversation, portscan and portscan2 were replaced by flow-portscan.

Pcghost 04-20-2004 11:40 AM

Cool, thanks Unspawn. Can you suggest a good book on Snort? I see that there are a number of them, some specific to Snort and some more focused on Snort with LAMP. I intend to use Snort for long-term network intrusion detection.

unSpawn 04-20-2004 01:12 PM

> Can you suggest a good book on Snort?

Soz, I can't. I usually read online docs (when I got the time that is).


All times are GMT -5.