Fedora Linux Support Community & Resources Center

  #1  
24th April 2009, 07:18 PM
mickey12
Registered User
 
Join Date: Mar 2009
Posts: 1
How to configure snort to detect portscan??

Hey guys, I have a problem here. I am using Snort on my Fedora machine. The problem is that whenever I run Snort and also run a portscan using Nmap from some other machine, it doesn't generate any alert which says that there has been a portscan or a simple scan. All I get is alerts which say that ICMP destination unreachable, something like this:

sc activity] [Priority: 3] {ICMP} 192.168.45.23 -> 192.168.45.118
04/25-00:54:14.536423 [**] [1:486:5] ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.45.23 -> 192.168.45.11
ted [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.45.23 -> 192.168.45.11

04/25-00:54:16.889515 [**] [1:1418:13] SNMP request tcp [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.45.11:48628 -> 192.168.45.23:161
04/25-00:54:17.545495 [**] [1:486:5] ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.45.23 -> 192.168.45.11
04/25-00:54:17.578158 [**] [1:1421:13] SNMP AgentX/tcp request [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.45.11:48627 -> 192.168.45.23:705
04/25-00:54:17.687237 [**] [1:1421:13] SNMP AgentX/tcp request [**] [Classification: Attempted

# sfPortscan
# ----------
# Portscan detection module. Detects various types of portscans and
# portsweeps. For more information on detection philosophy, alert types,
# and detailed portscan information, please refer to the README.sfportscan.
#
# -configuration options-
# proto { tcp udp icmp ip all }
#
#
preprocessor sfportscan: proto { all } \
memcap { 10000000 } \
sense_level { medium }


####################################################################


>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>

Please help me out guys. I have to complete the project in a day. Please send your replies. Thanking you in advance. Bye, take care. God bless.

Tags
configure, detect, portscan, snort
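
A triage of the alert output quoted in the post above, as an added example that is not part of the original thread: it parses Snort fast-format alert lines and separates text-rule alerts (generator ID 1) from sfPortscan preprocessor alerts (generator ID 122 in Snort 2.x). The function names are illustrative, and the single sfPortscan line is a constructed sample for contrast.

```python
import re
from collections import Counter

# Snort 2.x generator IDs: 1 = text rules, 122 = sfPortscan preprocessor.
SFPORTSCAN_GID = 122

# Fast-alert layout: ts [**] [gid:sid:rev] msg [**] ... {PROTO} src -> dst
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{(?P<proto>[^}]+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)"
)

# Four complete lines and one truncated line, copied from the post.
POSTED_ALERTS = """\
04/25-00:54:14.536423 [**] [1:486:5] ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.45.23 -> 192.168.45.11
04/25-00:54:16.889515 [**] [1:1418:13] SNMP request tcp [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.45.11:48628 -> 192.168.45.23:161
04/25-00:54:17.545495 [**] [1:486:5] ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.45.23 -> 192.168.45.11
04/25-00:54:17.578158 [**] [1:1421:13] SNMP AgentX/tcp request [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.45.11:48627 -> 192.168.45.23:705
04/25-00:54:17.687237 [**] [1:1421:13] SNMP AgentX/tcp request [**] [Classification: Attempted
"""

# Constructed sample of an sfPortscan alert line, for contrast only.
CONSTRUCTED_PORTSCAN = (
    "04/25-00:54:18.000000 [**] [122:1:0] (portscan) TCP Portscan [**] "
    "[Priority: 3] {PROTO:255} 192.168.45.11 -> 192.168.45.23\n"
)

def parse_alerts(text):
    """Parse complete fast-alert lines; truncated lines are skipped."""
    alerts = []
    for line in text.splitlines():
        m = ALERT_RE.search(line)
        if m:
            alerts.append({**m.groupdict(), "gid": int(m["gid"]), "sid": int(m["sid"])})
    return alerts

def gid_counts(alerts):
    """Count alerts per generator ID."""
    return dict(Counter(a["gid"] for a in alerts))

def portscan_sources(alerts):
    """Source IPs named in sfPortscan alerts (port stripped if present)."""
    return {a["src"].split(":")[0] for a in alerts if a["gid"] == SFPORTSCAN_GID}

if __name__ == "__main__":
    posted = parse_alerts(POSTED_ALERTS)
    print(gid_counts(posted), portscan_sources(posted))
    both = parse_alerts(POSTED_ALERTS + CONSTRUCTED_PORTSCAN)
    print(gid_counts(both), portscan_sources(both))
```

Every complete line in the posted output carries generator ID 1, so the alerts shown come from individual rules matching the probes and none come from the sfPortscan preprocessor.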


Current GMT-time: 04:37 (Saturday, 19-04-2014)
