| M Shirk 2004-09-29, 7:57 pm |
| The Port scan on the first page in ACID is looking for a file with port
scanning activity. You have to set up Snort to log the port scanning activity
with the Portscan Detector
http://www.snort.org/docs/writing_r...ml#tth_sEc2.4.2
Shirkdog
>From: "RD R" <careergeek@hotmail.com>
>To: snort-users@lists.sourceforge.net
>Subject: [Snort-users] Port scan not being logged? at 0 %?
>Date: Tue, 28 Sep 2004 19:52:31 -0400
>
I am running snort on XP with php 4, mysql and Acid. Everything is running well except the port scan is still at 0%?? What does this mean? How can I test this to see if it is functioning correctly? Thanks!
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists...nfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf....ist=snort-users
|
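An added example, not part of the original thread: a small check that the portscan log Snort writes is the same file ACID reads for its port scan figure. It assumes the classic `preprocessor portscan: <network> <ports> <seconds> <logfile>` syntax from the Snort manual and ACID's `$portscan_file` setting in `acid_conf.php`; the sample configs and paths are constructed.

```python
import re

# Constructed sample inputs (not taken from the thread).
SNORT_CONF = r"""
var HOME_NET 192.168.1.0/24
# preprocessor portscan: $HOME_NET 4 3 c:\snort\log\old.log
preprocessor portscan: $HOME_NET 4 3 c:\snort\log\portscan.log
"""
ACID_CONF = r"""
$alert_dbname = "snort";
$portscan_file = "";
"""

# Active (uncommented) portscan preprocessor line; group 4 is the log file.
PRE_RE = re.compile(
    r"^[ \t]*preprocessor[ \t]+portscan[ \t]*:[ \t]*"
    r"(\S+)[ \t]+(\d+)[ \t]+(\d+)[ \t]+(\S+)[ \t]*$", re.M)
# ACID setting naming the file the front page reads (assumed name).
ACID_RE = re.compile(
    r"""^[ \t]*\$portscan_file[ \t]*=[ \t]*(["'])(.*?)\1[ \t]*;""", re.M)

def snort_portscan_log(conf):
    """Log path of the enabled portscan preprocessor, or None."""
    m = PRE_RE.search(conf)
    return m.group(4) if m else None

def acid_portscan_file(conf):
    """Value of $portscan_file in the ACID config, or None if absent."""
    m = ACID_RE.search(conf)
    return m.group(2) if m else None

def norm(path):
    """Compare Windows-style paths: unify slashes, ignore case."""
    return re.sub(r"[\\/]+", "/", path).lower()

def diagnose(snort_conf, acid_conf):
    log = snort_portscan_log(snort_conf)
    acid = acid_portscan_file(acid_conf)
    if log is None:
        return "snort: portscan preprocessor not enabled"
    if not acid:
        return "acid: $portscan_file is empty"
    if norm(log) != norm(acid):
        return "mismatch: snort writes %s, acid reads %s" % (log, acid)
    return "ok"

if __name__ == "__main__":
    print(diagnose(SNORT_CONF, ACID_CONF))
```
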