Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Not ignoring DNS servers

From: Paul Slinski <pauls () globaliqx com>
Date: Thu, 6 Sep 2001 14:14:45 -0400 (EDT)
That appears to be a windoze problem. I have a small firewall set up at
home for the house to browse though and the only hosts that generate that
error are the windoze machines.

There's my tidbit...
-Paul

On Thu, 6 Sep 2001, Snoopy wrote:


Date: Thu, 6 Sep 2001 14:15:32 -0400
From: Snoopy <wayne () cybergnostic com>
To: Paul Slinski <pauls () globaliqx com>, snort-users () lists sourceforge net
Subject: RE: [Snort-users] Not ignoring DNS servers

Dudes,

I have the same problems somewhat. I have even put the IPs in the
preprocessor line instead of the $DNS_SERVER variable. Actually I
have tried both ways.  I am running the Windows port of snort on a
win2k box. The error is

MISC source port 53 to < 1024  10.X.X.X 10.Y.Y.Y UDP.

We are running What's Up as a SNMP trap monitor as well as some
service monitoring.

Wayne

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net]On Behalf Of Paul
Slinski
Sent: Thursday, September 06, 2001 1:50 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Not ignoring DNS servers


I have snort set up the following way in snort.conf (snort rules from
snort site):

var DNS_SERVERS [206.191.0.140/32,206.191.0.210/32]

and

preprocessor portscan-ignorehosts: $DNS_SERVERS




_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: