|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Fyodor (fygrave
tigerteam.net)Date: Wed Mar 07 2001 - 14:31:07 CST
On Tue, Mar 06, 2001 at 06:29:35PM -0600, Utopian Admin wrote:
> Is it possible portsentry intercepted the "attack" before snort got a chance
> to? I know portsentry can block via "route reject" and TCP wrappers.
>
no, snort should see it at the same time. The probable reason why snort didn't see
the portscan is that either your portscan threshold(sp) is too relaxed (and seen amount
of packets wasn't enough to consider it as portscan), or target/source host(s) were
in ignorehosts directive. (then snort's portscan plugin will not count'em at all).
_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]