Snort mailing list archives
Re: spp_portscan, is this something to be worried about
From: Arvind Clemente <arvind () controlnet co in>
Date: Fri, 07 Dec 2001 10:40:26 +0530
Hi Ronneil Ronneil Camara wrote:
I'm a receiving so many traffic from our dns server specifically spp_portscan. Is this something to be worried about? Is our dns server compromised if it is so chatty about portscans
edit your snort.conf file na dconfigure to ignore your dns servers. Here is what needs to be done var DNS_SERVERS [x.x.x.x/24,x.x.x.x/24] preprocessor portscan-ignorehosts: $DNS_SERVERS In the first line put dns servers ip addresses including the ISP's and the second line tells to ignore portscans from your dns servers. rgds Arvind Clemente _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- spp_portscan, is this something to be worried about Ronneil Camara (Dec 06)
- Re: spp_portscan, is this something to be worried about Michael Boman (Dec 06)
- Re: spp_portscan, is this something to be worried about Arvind Clemente (Dec 06)