Snort mailing list archives
RE: Arghh...how do I stop it doing this!!
From: "Ed Greshko" <Edward.M.Greshko () syntegra com>
Date: Thu, 3 May 2001 23:46:48 +0800
> Active System Attack Alerts
> =-=-=-=-=-=-=-=-=-=-=-=-=-=
>
> [**] MISC source port 53 to <1023 [**]
> 05/04-00:04:47.283946 209.235.102.13:53 -> 203.164.xxx.xxx:53
> UDP TTL:237 TOS:0x0 ID:50935 IpLen:20 DgmLen:460 DF
>
> [**] MISC source port 53 to <1023 [**]
> 05/04-00:04:47.542673 209.235.102.12:53 -> 203.164.xxx.xxx:53
> UDP TTL:237 TOS:0x0 ID:21123 IpLen:20 DgmLen:137 DF
>
> [...etc...]
>
> Damn thing seems to read every DNS query _I_ do as a bloody alert notable event!! ARRGHH!!!

Read the documentation? :-) :-)

Part of the snort.conf has....

# Define the addresses of DNS servers and other hosts
# if you want to ignore portscan false alarms from them...

Do that and things magically get better. I know, I did the same thing earlier today. :-)

Ed
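Added example (not from the original message or the Snort project): before listing hosts under the snort.conf comment quoted above, it helps to confirm which alert sources really are your resolvers. This parses alerts in the layout shown in the message and separates port-53 traffic from listed resolvers from everything else. The resolver list and the third sample alert (198.51.100.7) are constructed assumptions.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# First two alerts are copied from the message; the third is constructed.
SAMPLE = """\
[**] MISC source port 53 to <1023 [**]
05/04-00:04:47.283946 209.235.102.13:53 -> 203.164.xxx.xxx:53
UDP TTL:237 TOS:0x0 ID:50935 IpLen:20 DgmLen:460 DF

[**] MISC source port 53 to <1023 [**]
05/04-00:04:47.542673 209.235.102.12:53 -> 203.164.xxx.xxx:53
UDP TTL:237 TOS:0x0 ID:21123 IpLen:20 DgmLen:137 DF

[**] MISC source port 53 to <1023 [**]
05/04-00:05:02.000001 198.51.100.7:53 -> 203.164.xxx.xxx:53
UDP TTL:52 TOS:0x0 ID:4242 IpLen:20 DgmLen:80 DF
"""

# Assumption: the resolvers this host is actually configured to query.
KNOWN_DNS = [ip_network("209.235.102.12/32"), ip_network("209.235.102.13/32")]

# Whitespace-tolerant, so it also matches alerts flattened onto one line.
# The destination may be masked (xxx.xxx), so it is kept as plain text.
ALERT_RE = re.compile(
    r"\[\*\*\]\s*(?P<msg>.+?)\s*\[\*\*\]\s+"
    r"(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[\w.]+):(?P<dport>\d+)\s+(?P<proto>\w+)"
)

def parse_alerts(text):
    """Return one dict per alert found in the text."""
    return [m.groupdict() for m in ALERT_RE.finditer(text)]

def is_known_dns(alert, resolvers=KNOWN_DNS):
    """True only for traffic sourced from port 53 of a listed resolver."""
    src = ip_address(alert["src"])
    return alert["sport"] == "53" and any(src in net for net in resolvers)

def triage(text, resolvers=KNOWN_DNS):
    """Count expected resolver replies; collect everything else for review."""
    expected, review = Counter(), []
    for alert in parse_alerts(text):
        if is_known_dns(alert, resolvers):
            expected[alert["src"]] += 1
        else:
            review.append(alert)
    return expected, review

if __name__ == "__main__":
    expected, review = triage(SAMPLE)
    print("expected resolver replies:", dict(expected))
    for a in review:
        print("review:", a["ts"], a["src"], "->", a["dst"], a["msg"])
```

Only the sources counted as expected are candidates for the DNS server list; an unlisted host sending from port 53 to a low port stays visible for review.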
Current thread:
- Arghh...how do I stop it doing this!! Dave Fitches (May 03)
- RE: Arghh...how do I stop it doing this!! Ed Greshko (May 03)
- RE: Arghh...how do I stop it doing this!! Dave Fitches (May 03)
- Re: Arghh...how do I stop it doing this!! Brian Caswell (May 03)
- <Possible follow-ups>
- RE: Arghh...how do I stop it doing this!! Neil Dickey (May 03)
- RE: Arghh...how do I stop it doing this!! Robert D. Hughes (May 07)
- RE: Arghh...how do I stop it doing this!! Ed Greshko (May 03)