Snort mailing list archives

RE: Snort with SPADE...snort in anomaly mode?


From: "pfeito" <pfeito () netcabo pt>
Date: Thu, 25 Mar 2004 23:24:49 -0000

sorry, this may be a newb question, but what exactly is a
pre-processor in regards to snort?

I'm a newb and I'd like to know that too. 

Regarding this matter:
I tried to scan my own firewall (my snort's box is outside this firewall)
using a remote linux and NMAP and I noticed that snort has thrown alerts for
various ports instead of throwing only one higher severity alert that I was
being port scanned... ACID interface actually shows 0% port scanning
activity.

I've read in snort's manual that you have to use some preprocessing
directives or something like that, to enable snort to recognize these
individual port peeps (from the same IP address), as one single port scan
attack.

I'd like to know where and how I can activate this functionality or
preprocessing directives.

Thanx!

-pfeito



-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Jason Humes
Sent: Tuesday, 23 March 2004 18:59
To: 'snort-users () lists sourceforge net'
Subject: [Snort-users] Snort with SPADE...snort in anomaly mode?

Hi
Has anyone had any experience with running snort with SPADE as a
preprocessor...sorry, this may be a newb question, but what exactly is a
pre-processor in regards to snort?  Thanks for the chance to get answers
to two questions... :)

Jason



-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




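The aggregation asked about in the message above, as an added example that is not part of the original thread and is not Snort's preprocessor code: it collapses per-port events from one source into a single scan alert. The event tuples, the function name `detect_portscans`, and the thresholds `min_ports` and `window` are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

# Constructed sample events: (timestamp_seconds, src_ip, dst_ip, dst_port).
# They stand in for the individual per-port alerts described in the post.
SAMPLE_EVENTS = (
    # Fast sweep: six ports on one host within half a second.
    [(i * 0.1, "192.0.2.10", "198.51.100.1", p)
     for i, p in enumerate([21, 22, 23, 25, 80, 110])]
    # Ordinary client: repeated hits on two ports only.
    + [(1.0, "192.0.2.20", "198.51.100.1", 80),
       (1.5, "192.0.2.20", "198.51.100.1", 80),
       (2.0, "192.0.2.20", "198.51.100.1", 443)]
    # Slow sweep: five ports, ten seconds apart.
    + [(i * 10.0, "192.0.2.30", "198.51.100.1", p)
       for i, p in enumerate([135, 139, 445, 1433, 3389])]
)


def detect_portscans(events, min_ports=5, window=3.0):
    """Return one alert per (src, dst) pair that touches at least
    `min_ports` distinct ports within `window` seconds."""
    recent = defaultdict(deque)   # (src, dst) -> deque of (ts, port)
    alerted = set()               # pairs already reported once
    alerts = []
    for ts, src, dst, port in sorted(events):
        key = (src, dst)
        seen = recent[key]
        seen.append((ts, port))
        # Drop events that fell out of the sliding time window.
        while ts - seen[0][0] > window:
            seen.popleft()
        ports = sorted({p for _, p in seen})
        if len(ports) >= min_ports and key not in alerted:
            alerted.add(key)
            alerts.append({"src": src, "dst": dst,
                           "first_seen": seen[0][0], "ports": ports})
    return alerts


if __name__ == "__main__":
    for alert in detect_portscans(SAMPLE_EVENTS):
        print("PORTSCAN", alert)
```

With the default 3-second window the slow sweep from 192.0.2.30 is not reported, which is the usual tuning trade-off: widening the window catches it at the cost of more state and more false positives.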

