Snort mailing list archives
RE: probe alerts
From: "Jyri Hovila" <jyri.hovila () iki fi>
Date: Mon, 6 Aug 2001 01:05:36 +0300
Jim, please specify which alert you're exactly getting. The nameservers variable only affects the portscan preprocessor. What is the address of your server, and what address(es) do you have in the nameservers variable? Yours, Jyri Information Security Specialist E-mail: jyri.hovila () iki fi Certifications: http://www.brainbench.com/transcript.jsp?pid=2301241 -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Jim Hankins Sent: 5. elokuuta 2001 23:56 To: snort-users () lists sourceforge net Subject: [Snort-users] probe alerts I'm getting a BUNCH of false positives for dns traffic which is orginating from the same server I'm running snort on (RHAT 7.1) The var nameservers is set which I thought was the option to prevent this problem. Am I missing something? New user btw. Thanks! -- Jim Hankins http://www.hankinsbay.com jhankins () hankinsbay com 810-716-8480 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- probe alerts Jim Hankins (Aug 05)
- RE: probe alerts Jyri Hovila (Aug 05)
- <Possible follow-ups>
- RE: probe alerts Jyri Hovila (Aug 05)