Snort mailing list archives

RE: Snort Question


From: Kresna Prawira <kprawira () esurance com>
Date: Mon, 27 Aug 2001 18:44:54 -0700

Another newbie question.
I get a lot of false positive messages from my DNS servers.
I already defined the DNS servers in "var DNS_SERVERS" and uncommented
#preprocessor portscan-ignorehosts: $DNS_SERVERS

Any idea?


-----Original Message-----
From: Chris Green [mailto:cmg () uab edu]
Sent: Monday, August 27, 2001 6:04 PM
To: Bill Rogers
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Snort Question


"Bill Rogers" <billr94 () home com> writes:

> I am new to using snort and am trying to get it set up correctly. I would
> like to monitor traffic containing the Code Red variants.  I installed
> snort on a win2k box and when I run the rule set, I keep getting an
> error C:\snort\rules\web-iis.rules:6 => Port value missing rule!


You need to define the variables $EXTERNAL_NET and $HOME_NET.

See snort.conf for an example. You should really be running snort
against that and then only including the web-iis.rules of it.
-- 
Chris Green <cmg () uab edu>
I've had a perfectly wonderful evening. But this wasn't it.
     -- Groucho Marx

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
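
Added example, not part of the original thread or of Snort itself: a small pre-flight check that lists every $NAME used in a rule header or config line without an active `var NAME ...` definition, which is the situation Chris Green's reply describes. The function names and sample text are hypothetical and constructed; it assumes the simple `var NAME value` syntax and that all config variables are defined before the rules are loaded.

```python
import re

VAR_DEF = re.compile(r"^\s*var\s+(\w+)\s+(\S+)")   # var NAME value
VAR_REF = re.compile(r"\$(\w+)")                   # $NAME reference


def active_lines(text):
    """Yield (line_no, line) for lines that are neither blank nor '#' comments."""
    for no, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if stripped and not stripped.startswith("#"):
            yield no, stripped


def undefined_vars(conf_text, rules_text):
    """Return [(source, line_no, name)] for each $NAME used without a prior 'var NAME'."""
    defined, problems = set(), []
    for no, line in active_lines(conf_text):
        m = VAR_DEF.match(line)
        # A var's value, or a preprocessor argument, may itself reference a variable.
        refs = VAR_REF.findall(m.group(2) if m else line)
        problems += [("conf", no, r) for r in refs if r not in defined]
        if m:
            defined.add(m.group(1))
    for no, line in active_lines(rules_text):
        header = line.split("(", 1)[0]   # skip '$' inside rule options such as content
        problems += [("rules", no, r)
                     for r in VAR_REF.findall(header) if r not in defined]
    return problems


# Constructed sample input (assumption, not taken from the thread).
SAMPLE_CONF = """\
# constructed sample config
var HOME_NET 10.1.1.0/24
#var EXTERNAL_NET any
var DNS_SERVERS $HOME_NET
preprocessor portscan-ignorehosts: $DNS_SERVERS
"""
SAMPLE_RULES = """\
# constructed sample rule
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"sample $x"; content:"$y";)
"""

if __name__ == "__main__":
    for source, no, name in undefined_vars(SAMPLE_CONF, SAMPLE_RULES):
        print(f"{source} line {no}: ${name} is used but never defined")
```

A line that still begins with `#` is skipped as a comment, so a `var` or `preprocessor` directive only counts once the `#` has been removed.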
