Snort mailing list archives
Re: Portscan preprocessor catching DNS replies
From: Jörgen Persson <jpn () tlth lth se>
Date: Wed, 15 Aug 2001 22:13:44 +0200
On Wed, Aug 15, 2001 at 03:42:44PM -0400, Mathieu Nantel wrote:
[snip]
> My DNS server, like any other, recursively asks the root servers, then the target domain's dns servers, and so on... What I would like to do is, as an example, ignore anything UDP from port 53 to any over 1024.
[snip]

I used to have the same problem and I couldn't find a way to solve it with ''portscan-ignorehosts''. There might be a way to solve it with a snort rule but I made an ugly bpf hack.

% cat /etc/snort/bpf.rules
not udp src port domain
% snort -F /etc/snort/bpf.rules

Jörgen
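
Added example, not part of the original message or of Snort: a small Python model comparing what the posted filter removes from Snort's view with a narrower filter limited to replies sent to the resolver's ports above 1024. The resolver address 192.0.2.53, the NARROW expression and the sample packets are assumptions constructed for illustration.

```python
from dataclasses import dataclass

RESOLVER = "192.0.2.53"  # assumed address of the local DNS server (constructed)

# Filter from the post, and a narrower variant (assumption, not from the thread).
# udp[2:2] is the UDP destination port; that form matches IPv4 only.
BROAD = "not udp src port domain"
NARROW = f"not (udp and src port 53 and dst host {RESOLVER} and udp[2:2] > 1024)"


@dataclass(frozen=True)
class Pkt:
    label: str
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


def passes_broad(p):
    """Python model of BROAD: True means Snort still receives the packet."""
    return not (p.proto == "udp" and p.sport == 53)


def passes_narrow(p):
    """Python model of NARROW: only replies to the resolver's high ports are dropped."""
    return not (p.proto == "udp" and p.sport == 53
                and p.dst == RESOLVER and p.dport > 1024)


def uninspected(passes, packets):
    """Labels of the packets the filter removes before Snort sees them."""
    return [p.label for p in packets if not passes(p)]


# Constructed sample traffic (documentation address ranges, except a root server).
SAMPLE = [
    Pkt("reply to resolver", "udp", "198.41.0.4", 53, RESOLVER, 33012),
    Pkt("src 53 to low port", "udp", "203.0.113.9", 53, "192.0.2.10", 111),
    Pkt("src 53 to resolver port 53", "udp", "203.0.113.9", 53, RESOLVER, 53),
    Pkt("tcp from port 53", "tcp", "203.0.113.9", 53, RESOLVER, 40000),
    Pkt("outgoing query", "udp", RESOLVER, 33012, "198.41.0.4", 53),
]

if __name__ == "__main__":
    for expr, fn in ((BROAD, passes_broad), (NARROW, passes_narrow)):
        print(f"{expr}\n  not inspected: {uninspected(fn, SAMPLE)}")
```

The narrower expression keeps the portscan preprocessor quiet about ordinary replies while every other UDP packet with source port 53 still reaches the sensor.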