Snort mailing list archives
Right syntax ?? $DNS_SERVER ??
From: Thierry <lenaig () wanadoo fr>
Date: Mon, 18 Nov 2002 19:19:35 +0100
Hi, I have a problem with the dns server of my provider. They are noisy... Do you knox if the syntax of snort.conf is correct ? var HOME_NET $ep0_ADDRESS var EXTERNAL_NET !$HOME_NET var DNS_SERVERS [193.252.19.3/32,193.252.19.4/32] preprocessor portscan-ignorehosts: $DNS_SERVERS What i can see on ACID: #0-(1-65) [snort] (spp_portscan2) Portscan detected from 193.252.19.3: 1 targets 21 ports in 436 seconds 2002-11-18 19:49:15 193.252.19.3:53 xx.xx.xx.xx:1074 UDP Thanks -- Thierry ------------------------------------------------------- This sf.net email is sponsored by: To learn the basics of securing your web site with SSL, click here to get a FREE TRIAL of a Thawte Server Certificate: http://www.gothawte.com/rd524.html _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Right syntax ?? $DNS_SERVER ?? Thierry (Nov 18)
- Re: Right syntax ?? $DNS_SERVER ?? Andrew R. Baker (Nov 19)