[Dshield] Snort portscan.log client not working...
cbyrum at erp.com
Tue Oct 16 00:06:00 GMT 2001
Hi there people. I'm running snort 1.8.1, and I've tried the
snort-portscan.pl script from dshield.org, but it doesn't work. All of
the lines come back as being invalid. I tried hacking on the script a
bit and I think I might have fixed it. Has anyone else had problems with
this combination of software:
Debian GNU/Linux 2.2
I've been using LaBrea to trap scanners and other bad things, so I don't
get ipchains DENY messages in my log files anymore. I was thinking I
could still submit them to dshield using my snort's portscan detector..
but this client just doesn't seem to work. Is anyone maintaining it? I
was thinking of modifying it to work more like the ipchains client.
More information about the list