Snort mailing list archives
Re: DNS portscan alerts
From: Leigh David Heyman <leigh () ai mit edu>
Date: Fri, 15 Mar 2002 12:20:33 -0500
I did'nt have this problem when i used to run bind, It used to run on the public interface though.
Of course you didn't if you were running snort on the local interface, and bind on the public interface. I imagine if you run bind on the local interface you'd get the same effect
How can i tell snort to ignore this portscans, I cannot list every DNS server in the portscan-ignorehosts.
will this work? Defining a network without your DNS server(s) var HOME_NET_NODNS [$HOME_NET,!your.dns.ip/32] then preprocessor portscan: $HOME_NET_NODNS 4 3 portscan.log -Leigh ----------------------------- The difference between the right word and the almost right word is the difference between lightning and the lightning bug. -- Mark Twain _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- DNS portscan alerts Dushyanth Harinath (Mar 14)
- Re: DNS portscan alerts Leigh David Heyman (Mar 15)
- Re: DNS portscan alerts Dushyanth Harinath (Mar 15)
- Re: DNS portscan alerts Leigh David Heyman (Mar 18)
- Re: DNS portscan alerts Dushyanth Harinath (Mar 18)
- Re: DNS portscan alerts Leigh David Heyman (Mar 18)
- Re: DNS portscan alerts Dushyanth Harinath (Mar 18)
- Re: DNS portscan alerts Leigh David Heyman (Mar 19)
- Re: DNS portscan alerts Dushyanth Harinath (Mar 15)
- Re: DNS portscan alerts Leigh David Heyman (Mar 15)