[Dshield] Snort portscan.log client not working...

Clint Byrum cbyrum at erp.com
Tue Oct 16 00:06:00 GMT 2001


Hi there people. I'm running snort 1.8.1, and I've tried the 
snort-portscan.pl script from dshield.org, but it doesn't work. All of 
the lines come back as being invalid. I tried hacking on the script a 
bit and I think I might have fixed it. Has anyone else had problems with 
this combination of software:

Perl 5.005_03
Debian GNU/Linux 2.2
Snort 1.8.1

I've been using LaBrea to trap scanners and other bad things, so I don't 
get ipchains DENY messages in my log files anymore. I was thinking I 
could still submit them to dshield using my snort's portscan detector.. 
but this client just doesn't seem to work. Is anyone maintaining it? I 
was thinking of modifying it to work more like the ipchains client.

-cb




More information about the list mailing list