Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Right syntax ?? $DNS_SERVER ??

From: Thierry <lenaig () wanadoo fr>
Date: Mon, 18 Nov 2002 19:19:35 +0100
Hi,
I have a problem with the dns server of my provider.
They are noisy...
Do you knox if the syntax of snort.conf is correct ?

var HOME_NET $ep0_ADDRESS
var EXTERNAL_NET !$HOME_NET
var DNS_SERVERS [193.252.19.3/32,193.252.19.4/32]
preprocessor portscan-ignorehosts: $DNS_SERVERS

What i can see on ACID: 
#0-(1-65) [snort] (spp_portscan2) Portscan detected from 193.252.19.3: 1 
targets 21 ports in 436 seconds   2002-11-18 19:49:15   193.252.19.3:53  
xx.xx.xx.xx:1074   UDP
Thanks
--
Thierry 




-------------------------------------------------------
This sf.net email is sponsored by: To learn the basics of securing 
your web site with SSL, click here to get a FREE TRIAL of a Thawte 
Server Certificate: http://www.gothawte.com/rd524.html
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: