LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 04-19-2004, 12:38 PM   #1
Pcghost
Senior Member
 
Registered: Feb 2003
Location: The Real Washington
Distribution: Ubuntu, Debian, SuSE, UnSlung, Android
Posts: 1,819

Rep: Reputation: 46
Question snort logging all outbound traffic as port-scan?


EDIT: After further digging, it occurs to me that configuring Snort is more like configuring Iptables than configuring Squid. I am going to have to write a conf file from scratch to fit our needs, as modifying the default snort.conf file is hopeless. God I hope it doesn't take as long as learning iptables scripting.


Revised Question:

If I use the preprocessor flow_portscan for detection of portscans, do I still need preprocessor portscan? Or does the former replace the latter in terms of functionality?

Last edited by Pcghost; 04-19-2004 at 03:46 PM.
 
Old 04-20-2004, 01:45 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,311
Blog Entries: 54

Rep: Reputation: 2860Reputation: 2860Reputation: 2860Reputation: 2860Reputation: 2860Reputation: 2860Reputation: 2860Reputation: 2860Reputation: 2860Reputation: 2860Reputation: 2860
If I use the preprocessor flow_portscan for detection of portscans, do I still need preprocessor portscan? Or does the former replace the latter in terms of functionality?
IIRC in Snort-2.1.x conversation, portscan and portscan2 where replaced by flow-portscan.
 
Old 04-20-2004, 11:40 AM   #3
Pcghost
Senior Member
 
Registered: Feb 2003
Location: The Real Washington
Distribution: Ubuntu, Debian, SuSE, UnSlung, Android
Posts: 1,819

Original Poster
Rep: Reputation: 46
Cool, thanks Unspawn. Can you suggest a good book on Snort? I see that there are a number of them, some specific to Snort and some more focused on Snort with LAMP. I intend to use Snort for long-term network intrusion detection.
 
Old 04-20-2004, 01:12 PM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,311
Blog Entries: 54

Rep: Reputation: 2860Reputation: 2860Reputation: 2860Reputation: 2860Reputation: 2860Reputation: 2860Reputation: 2860Reputation: 2860Reputation: 2860Reputation: 2860Reputation: 2860
Can you suggest a good book on Snort?
Soz, I can't. I usually read online docs (when I got the time that is).
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Logging All Incoming / Outbound Traffic technick Linux - Security 1 10-24-2005 02:32 PM
Spike in outbound traffic- where to look? htmlcoder Linux - Security 3 03-19-2005 03:13 PM
Snort , quit logging that port! stakhous Linux - Security 0 12-08-2004 04:37 PM
snort not logging port scans? Should I use log or alert? lucastic Linux - Security 3 08-30-2004 04:34 AM
Force outbound reply traffic to reuse inbound non-gw NIC? Jon- Linux - Networking 2 03-05-2002 04:50 PM


All times are GMT -5. The time now is 05:36 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration