I need to be able to detect portscans from two servers on my subnet
(these servers are not administered by me, but I can sniff their
I've tried snort with mixed results.
By default snort doesn't log scans from my net to external net (only
the other way around)
I tried changing the preprocessor portscan: to any and now I am able
to detect portscans from any machine on my subnet to the outside but
now even web browsing traffic is being picked up as portscans.
So any suggestions would be appreciated.