Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: probe alerts

From: "Jyri Hovila" <jyri.hovila () iki fi>
Date: Mon, 6 Aug 2001 01:05:36 +0300
Jim,

please specify which alert you're exactly getting. The nameservers
variable only affects the portscan preprocessor. What is the address of
your server, and what address(es) do you have in the nameservers
variable?

Yours,

Jyri

Information Security Specialist
E-mail: jyri.hovila () iki fi

Certifications:
http://www.brainbench.com/transcript.jsp?pid=2301241
 

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Jim
Hankins
Sent: 5. elokuuta 2001 23:56
To: snort-users () lists sourceforge net
Subject: [Snort-users] probe alerts


I'm getting a BUNCH of false positives for dns traffic which is
orginating from the same server I'm running snort on (RHAT 7.1)  The var
nameservers is set which I thought was the option to prevent this
problem. Am I missing something?

New user btw.

Thanks!

--
Jim Hankins
http://www.hankinsbay.com
jhankins () hankinsbay com
810-716-8480




_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: