Re: spp_portscan, is this something to be worried about

[Arvind Clemente <arvind () controlnet co in>]

Hi Ronneil

Ronneil Camara wrote:

> I'm a receiving so many traffic from our dns server specifically
> spp_portscan. Is this something to be worried about? Is our dns server
> compromised if it is so chatty about portscans

edit your snort.conf file na dconfigure to ignore your dns servers. Here
is what needs to be done

var DNS_SERVERS [x.x.x.x/24,x.x.x.x/24]
preprocessor portscan-ignorehosts: $DNS_SERVERS

In the  first line put dns servers ip addresses including the ISP's and
the second line tells to ignore portscans from your dns servers.

rgds

Arvind Clemente




_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users