ahh.. Snort is a great tool. Takes some time to learn and get comfortable with, but it's worth it.

Question for someone that knows more than I:
- Snort is logging events and alerts on more than just my WinXP box.. I have the $HOME_NET variable set to $(\Device\NPF_{my NIC interface name}_ADDRESS) in Snort.conf. I do this because I have a dynamic IP address (this is a laptop). Is there something else I must do to restrict alerts and events to my IP address only?

Also, has the spp_portscan.log file been deprecated and replaced by the flow-portscan preprocessor? I'd like to generate a portscan.log file for use with ACID, but the general portscan processor isn't in the conf file (perhaps I can just place it there?).

Mucho Thankso,
l00p