[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: snort not recognizing dns server correctly


I had this problem initially as well when I reconfigured snort, until I
restarted the service. Quite obvious in retrospect, but when I missed
it initially, I could see others doing the same.

There is also a section towards the bottom of the snort.conf file that
you _also_ have to unhash, for DNS_SERVERS, IIRC, to actually activate
the DNS filter.


--- Jeff <jcoppock1@attbi.com> wrote:
> I have the following entry in /etc/snort/snort.conf
> var DNS_SERVERS [,,]
> The 192... is a local private network and the next 2 addresses
> are dns servers.  Snort is constantly logging activity to the 1st
> dns server as a portscan, and as I understand it, this config
> entry is supposed to eliminate that.  Is this incorrect?
> thanks,
> jc
> -- 
> Jeff Coppock		Systems Engineer
> Diggin' Debian		Admin and User

Do You Yahoo!?
Yahoo! Health - your guide to health and wellness

To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: