Snort mailing list archives
Re: DNS, portscan, & laptops
From: Vitaly Osipov <vosipov () wolfegroup ie>
Date: Tue, 19 Jun 2001 09:46:24 +0100
It's just another example that it's _bad_ to use automated complaining (and, oh horror, firewall reconfiguration) tools. Standard example - 5 minutes of spoofed traffic, and you'll be known as a big spammer for the rest of your life :)))

regards,
Vitaly.

Andrew Daviel wrote:

A little gotcha - well, as it relates to my reporter script
http://andrew.triumf.ca/pub/security/reporter/

The notes say to ignore DNS servers to avoid triggering the portscan plugin. So I ignore the root nameservers, our onsite users use our onsite nameservers, occasional DNS lookups are ignored, and everything is OK.

Then someone brings a laptop onsite, forgets to reconfigure the DNS from their home ISP, and does a lot of surfing. Result, 2 automated complaints sent to their ISP (followed by manual "sorry! please ignore.").

I since fixed the script to ignore UDP source port 53. Normally, I suppose, you would like to know about someone misconfigured like this, but probably not to panic...

--
Andrew Daviel, TRIUMF, Canada
Tel. +1 (604) 222-7376
security () triumf ca

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
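The two points made in this message, as an added example that is not part of the original thread and is not the reporter script's code: packets from UDP source port 53 are dropped before port counting (but tallied, so a client using an offsite resolver is still visible), and whatever remains is queued for manual review instead of being mailed automatically. The log layout, the sample lines, the `min_ports` threshold and the function names are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in an assumed "timestamp src:sport -> dst:dport PROTO" layout.
SAMPLE_LOG = """\
Jun 18 14:02:11 198.51.100.53:53 -> 192.0.2.40:1031 UDP
Jun 18 14:02:11 198.51.100.53:53 -> 192.0.2.40:1032 UDP
Jun 18 14:02:12 198.51.100.53:53 -> 192.0.2.40:1033 UDP
Jun 18 14:02:12 198.51.100.53:53 -> 192.0.2.40:1034 UDP
Jun 18 14:05:40 203.0.113.9:4021 -> 192.0.2.40:21 SYN
Jun 18 14:05:40 203.0.113.9:4022 -> 192.0.2.40:23 SYN
Jun 18 14:05:41 203.0.113.9:4023 -> 192.0.2.40:25 SYN
Jun 18 14:05:41 203.0.113.9:4024 -> 192.0.2.40:80 SYN
"""

LINE_RE = re.compile(
    r"^\w{3}\s+\d+\s+[\d:]+\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<proto>\S+)")

def is_dns_reply(proto, sport):
    """UDP from source port 53: a resolver answering a client, not a scan."""
    return proto.upper() == "UDP" and sport == 53

def triage(log_text, min_ports=4):
    """Return (sources to review by hand, DNS-reply counts per resolver)."""
    ports = defaultdict(set)     # source -> distinct (dst, dport) pairs seen
    ignored = defaultdict(int)   # resolver -> suppressed DNS reply count
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue             # skip lines that do not fit the assumed layout
        src, sport = m["src"], int(m["sport"])
        if is_dns_reply(m["proto"], sport):
            ignored[src] += 1    # keep a tally: points at a misconfigured client
            continue
        ports[src].add((m["dst"], int(m["dport"])))
    # Source addresses can be spoofed, so this is a review queue, not a mail list.
    review = sorted(s for s, p in ports.items() if len(p) >= min_ports)
    return review, dict(ignored)

if __name__ == "__main__":
    review, ignored = triage(SAMPLE_LOG)
    print("queue for manual review:", review)
    print("ignored DNS replies (check client DNS config):", ignored)
```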