I recently installed on a Linux box (Redhat 7.2) snort and acid, following
the instructions (kindly provided on
http://www.sfhn.net/whites/snort_acid-rpm.html) by Mr. Mark Johnson.

The installation went straightforward and everything seems to work. But...

1) snort seems to detect portscans from nmap only on the host where snort
runs. Is this a normal behaviour? It is not clear for me if snort should
detect portscans on all the net (or if it should not detect portscans at
all).

2) I've not been able to verify if my snort.conf loads correctly. Is there
a way to see what rules are loaded?

Thanks to all,
Emanuele Salvador

"The stars are matter, we're matter. But it doesn't matter."

- Don Van Vliet -

_______________________________________________________________

Have big pipes? SourceForge.net is looking for download mirrors. We supply
the hardware. You get the recognition. Email Us: bandwidthsourceforge.net
_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]