Snort mailing list archives

RE: couple questions


From: "Karen Marino" <kmarino () returncentral com>
Date: Tue, 2 Oct 2001 13:44:31 -0400

Sorry, I meant to reply to the group.

I have a question about this alert also. Is it possible to monitor this
rule but exclude port 53 to 53 on only my DNS servers?

Thanks,
Karen


-----Original Message-----
From: Ilya [mailto:mail () krel org] 
Sent: Tuesday, October 02, 2001 12:22 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] couple questions

I have two questions:
1. How can I stop this:
10/02-00:15:28.424495  [**] [1:515:2] MISC source port 53 to <1024 [**]
[Classification: Potentially  Bad Traffic] [Priority: 2] {UDP}
xx.xx.xx.xx:53 -> xx.xx.xx.xx:53

I run a DNS server, so this traffic should be OK, but I still want to be
notified about everything else "Potentially Bad".

Also, in snort.conf I set up:
output alert_syslog: LOG_LOCAL5
but nothing goes to the syslog. However, everything is logged to the usual
files.
I am running FreeBSD 4.4.

thx


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
