Thread: snort not detected all nmap quick scan

  1. #1
    Join Date
    Aug 2012
    Beans
    47

    snort not detected all nmap quick scan

    Hello guys,

    I'm testing the snort sensor of my IDS by doing some port scans using nmap. I have done some scans with the options -T4 -F, and I did 10 port scans, one after another, but snort doesn't detect all of them, just 7. I don't know why snort didn't detect all of them; it is a simple scan (same as quick scan in Zenmap).
    Any idea why he didn't detect it?

    Thanks, Leo.

  2. #2
    Join Date
    Aug 2009
    Beans
    Hidden!

    Re: snort not detected all nmap quick scan

    Quote: Originally Posted by Leo Matheus
    Any idea why he didn't detect it?
    No, because we don't know your Snort configuration, how (from where) you scanned and what "just 7" means.

  3. #3
    Join Date
    Aug 2012
    Beans
    47

    Re: snort not detected all nmap quick scan

    I'm using snort 2.9.3.1 on Ubuntu 12.04 LTS. I make the scan directly on the IDS (192.168.xx.yy) from another network (192.168.zz.yy), something like that (192.168.zz.yy -> 192.168.zz.yy),
    and the "just 7" was that it detected 7 of the 10 scans I made.

  4. #4
    Join Date
    Aug 2009
    Beans
    Hidden!

    Re: snort not detected all nmap quick scan

    Quote: Originally Posted by Leo Matheus
    I'm using snort 2.9.3.1 on Ubuntu 12.04 LTS. I make the scan directly on the IDS (192.168.xx.yy) from another network (192.168.zz.yy), something like that (192.168.zz.yy -> 192.168.zz.yy),
    and the "just 7" was that it detected 7 of the 10 scans I made.
    I'm sorry, but with that info we still can't determine why. I suggest posting:
    - the complete command line Snort runs with,
    - attaching your snort.conf (that's 'grep -v ^# snort.conf|grep .;'),
    - any other (BPF, suppression, etc, etc) filters you use,
    - the Snort log showing the scan reporting,
    - the complete command line nmap ran with.

    *Next time please try to assess what's needed beforehand. That makes threads more efficient. And usually more info is better.
