Snort mailing list archives
Difference Portscan format under 2.1.0 to 2.0.5
From: Stephen Meatheringham <sme () heracles itsc adfa edu au>
Date: Mon, 16 Feb 2004 15:01:30 +1100 (EST)
Hi,

I've recently upgraded my snort from 2.0.5 to 2.1.0. I note that the portscan section is now very different. Indeed, I don't seem to get a portscan log file any longer and see entries such as these in my alert log file:

[**] [121:4:1] Portscan detected from 203.26.51.50 Talker(fixed: 30 sliding: 30) Scanner(fixed: 0 sliding: 0) [**]
[**] [121:4:1] Portscan detected from 130.241.27.5 Talker(fixed: 30 sliding: 30) Scanner(fixed: 0 sliding: 0) [**]
[**] [121:4:1] Portscan detected from 61.88.251.10 Talker(fixed: 30 sliding: 30) Scanner(fixed: 0 sliding: 0) [**]

If possible, I'd like to get similar output to the older version which, when processed with snortsnarf, shows me the IP addresses scanned and the port(s) scanned on. I can't seem to work out how to achieve this.

Thanks in advance for any advice.

Stephen Meatheringham
Senior Network Engineer, IT Services
Australian Defence Force Academy
email: s.meatheringham () adfa edu au
Phone: +61 2 6268 8142
Fax: +61 2 6268 8150
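
The alert lines quoted in the message above carry a source address and four counters. As an added example (not part of the original post, and not Snort or SnortSnarf code), this Python parser reads lines in that format and groups them by source address. The function names and the constructed sample lines are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Matches the alert header exactly as quoted in the message above.
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"Portscan detected from (?P<src>\S+)\s+"
    r"Talker\(fixed:\s*(?P<tf>\d+)\s+sliding:\s*(?P<ts>\d+)\)\s+"
    r"Scanner\(fixed:\s*(?P<sf>\d+)\s+sliding:\s*(?P<ss>\d+)\)"
)

def parse_alert(line):
    """Return a dict for one portscan alert line, or None if it is not one."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    try:
        src = str(ipaddress.ip_address(m["src"]))
    except ValueError:
        return None  # malformed source address: skip rather than guess
    return {
        "sig": (int(m["gid"]), int(m["sid"]), int(m["rev"])),
        "src": src,
        "talker": (int(m["tf"]), int(m["ts"])),
        "scanner": (int(m["sf"]), int(m["ss"])),
    }

def summarize(lines):
    """Group alerts by source: alert count and highest counters seen."""
    out = defaultdict(lambda: {"alerts": 0, "talker_max": 0, "scanner_max": 0})
    for line in lines:
        rec = parse_alert(line)
        if rec is None:
            continue
        s = out[rec["src"]]
        s["alerts"] += 1
        s["talker_max"] = max(s["talker_max"], *rec["talker"])
        s["scanner_max"] = max(s["scanner_max"], *rec["scanner"])
    return dict(out)

# First line is from the message; the other three are constructed test input.
SAMPLE = [
    "[**] [121:4:1] Portscan detected from 203.26.51.50 Talker(fixed: 30 sliding: 30) Scanner(fixed: 0 sliding: 0) [**]",
    "[**] [121:4:1] Portscan detected from 203.26.51.50 Talker(fixed: 45 sliding: 31) Scanner(fixed: 2 sliding: 1) [**]",
    "[**] [121:4:1] Portscan detected from 999.1.1.1 Talker(fixed: 30 sliding: 30) Scanner(fixed: 0 sliding: 0) [**]",
    "[**] [1:0:0] constructed unrelated alert line [**]",
]
```
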