Hello all,
I need to be able to detect portscans from two servers on my subnet
(these servers are not administered by me, but I can sniff their
traffic).
I've tried snort with mixed results.
By default snort doesn't log scans from my net to external net (only
the other way around).
I tried changing the preprocessor portscan: to any and now I am able
to detect portscans from any machine on my subnet to the outside, but
now even web browsing traffic is being picked up as portscans.
So any suggestions would be appreciated.
Thanks