Snort mailing list archives
RE: Not ignoring DNS servers
From: Paul Slinski <pauls () globaliqx com>
Date: Thu, 6 Sep 2001 14:11:32 -0400 (EDT)
ic... My mind was ignoring the ICMP in the alert. Thanks. On Thu, 6 Sep 2001, Fraser Hugh wrote:
Date: Thu, 6 Sep 2001 14:08:23 -0400 From: Fraser Hugh <hugh_fraser () dofasco ca> To: 'Paul Slinski' <pauls () globaliqx com> Subject: RE: [Snort-users] Not ignoring DNS servers This alert is being generated by a rule in icmp-info.rules file, not by the portscan preprocessor. You need to change the " ICMP Destination Unreachable (Port Unreachable)" rule to exclude these hosts.-----Original Message----- From: Paul Slinski [SMTP:pauls () globaliqx com] Sent: Thursday, September 06, 2001 1:50 PM To: snort-users () lists sourceforge net Subject: [Snort-users] Not ignoring DNS servers I have snort set up the following way in snort.conf (snort rules from snort site): var DNS_SERVERS [206.191.0.140/32,206.191.0.210/32] and
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Not ignoring DNS servers Paul Slinski (Sep 06)
- RE: Not ignoring DNS servers Snoopy (Sep 06)
- RE: Not ignoring DNS servers Paul Slinski (Sep 06)
- Re: Not ignoring DNS servers Italo Antonio (Sep 06)
- <Possible follow-ups>
- RE: Not ignoring DNS servers Paul Slinski (Sep 06)
- RE: Not ignoring DNS servers Snoopy (Sep 06)