Pages: [1] Go Down

portscan.log

sabu

portscan.log

« on: September 18, 2002, 05:17:53 PM »

i've had multiple people test their portscans on me and none of the portscans are coming up in my portscan.log or snort alert..

is it meant to be like this?

sabu

Logged

Dan

Re: portscan.log

« Reply #1 on: September 18, 2002, 10:12:06 PM »

Well, maybe. Check to ensure that snort is running:

ps -x | grep snort

Are you running guardian? If you are, then they will be blocked and you will not see any more activity from their IP.

Logged

sabu

Re: portscan.log

« Reply #2 on: September 19, 2002, 03:26:10 PM »

snort doesn't seem to be running, and https://www/acid is having database problems aswell..

should i uninstall reinstall? is so, how?

or is there another way to fix it?

sabu

Logged

steve

Re: portscan.log

« Reply #3 on: September 19, 2002, 09:56:21 PM »

Do not uninstall...yet...
something similar happened to me when my dhcp address changed
I noticed that the database was not getting updated
I had to update my external IP in /etc/snort/snort.conf file (replace the old with the new)
then start (or restart) snortd using the full path to the file
on my server
/etc/rc.d/init.d/snortd

try that

Logged

Dan

Re: portscan.log

« Reply #4 on: September 20, 2002, 12:31:12 AM »

Or simply do a:

/sbin/e-smith/expand-template /etc/snort/snort.conf

/etc/rc.d/init.d/snortd restart

Logged

Pages: [1] Go Up

« previous next »