Re: snort not recognizing dns server correctly
I had this problem initially as well when I reconfigured snort, until I
restarted the service. Quite obvious in retrospect, but when I missed
it initially, I could see others doing the same.
There is also a section towards the bottom of the snort.conf file that
you _also_ have to unhash, for DNS_SERVERS, IIRC, to actually activate
the DNS filter.
--- Jeff <firstname.lastname@example.org> wrote:
> I have the following entry in /etc/snort/snort.conf
> var DNS_SERVERS [192.168.0.0/24,220.127.116.11/32,18.104.22.168/32]
> The 192... is a local private network and the next 2 addresses
> are dns servers. Snort is constantly logging activity to the 1st
> dns server as a portscan, and as I understand it, this config
> entry is supposed to eliminate that. Is this incorrect?
> Jeff Coppock Systems Engineer
> Diggin' Debian Admin and User
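The situation the reply describes (a variable defined in snort.conf while the line that uses it is still hashed out) can be checked mechanically. The sketch below is an added example, not part of the original thread or of Snort. The function name `audit_vars`, the sample addresses and the `portscan-ignorehosts` line in the sample are assumptions, since the thread does not quote the line in question.

```python
import re
import sys

# Constructed sample modelled on the thread: DNS_SERVERS is defined, but the
# only line that uses it is still commented out. The portscan-ignorehosts
# line and the addresses are assumptions; the thread does not quote them.
SAMPLE_CONF = """\
var HOME_NET 192.168.0.0/24
var DNS_SERVERS [192.168.0.0/24,192.0.2.53/32,198.51.100.53/32]
preprocessor portscan: $HOME_NET 4 3 portscan.log
# preprocessor portscan-ignorehosts: $DNS_SERVERS
alert udp $HOME_NET any -> any 53 (msg:"constructed rule"; sid:1000001;)
"""

VAR_DEF = re.compile(r"^var\s+(\w+)\s+(.+)$")
VAR_REF = re.compile(r"\$\(?(\w+)")  # matches $NAME and $(NAME)


def audit_vars(conf_text):
    """Map each defined var to 'active', 'commented-only' or 'unused'."""
    defined, active, commented = [], set(), set()
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line.startswith("#"):
            # A reference on a hashed-out line has no effect on Snort.
            commented.update(VAR_REF.findall(line))
            continue
        m = VAR_DEF.match(line)
        if m:
            defined.append(m.group(1))
            line = m.group(2)  # a value may reference other vars
        active.update(VAR_REF.findall(line))
    report = {}
    for name in defined:
        if name in active:
            report[name] = "active"
        elif name in commented:
            report[name] = "commented-only"
        else:
            report[name] = "unused"
    return report


if __name__ == "__main__":
    # Pass the path to snort.conf, or run with no argument for the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONF
    for name, status in audit_vars(text).items():
        print(f"{name}: {status}")
```

A variable reported as `commented-only` is the case from the reply: uncomment the referencing line, then restart the snort service so the change is loaded.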