Re: snort not recognizing dns server correctly

To: Jeff <jcoppock1@attbi.com>, debian-security@lists.debian.org
Subject: Re: snort not recognizing dns server correctly
From: dafr <torqd@yahoo.com>
Date: Fri, 3 May 2002 10:52:39 -0700 (PDT)
Message-id: <[🔎] 20020503175239.36360.qmail@web11406.mail.yahoo.com>
In-reply-to: <[🔎] 20020503164857.GB23186@jc.oftheinter.net>

Jeff,

I had this problem initially as well when I reconfigured snort, until I
restarted the service. Quite obvious in retrospect, but when I missed
it initially, I could see others doing the same.

There is also a section towards the bottom of the snort.conf file that
you _also_ have to unhash, for DNS_SERVERS, IIRC, to actually activate
the DNS filter.

HTH,
David

--- Jeff <jcoppock1@attbi.com> wrote:
> I have the following entry in /etc/snort/snort.conf
> 
> var DNS_SERVERS [192.168.0.0/24,216.148.227.68/32,204.127.202.4/32]
> 
> The 192... is a local private network and the next 2 addresses
> are dns servers.  Snort is constantly logging activity to the 1st
> dns server as a portscan, and as I understand it, this config
> entry is supposed to eliminate that.  Is this incorrect?
> 
> thanks,
> jc
> 
> -- 
> Jeff Coppock		Systems Engineer
> Diggin' Debian		Admin and User

__________________________________________________
Do You Yahoo!?
Yahoo! Health - your guide to health and wellness
http://health.yahoo.com

-- 
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Follow-Ups:
- Re: snort not recognizing dns server correctly
  - From: Jeff <jcoppock1@attbi.com>

References:
- snort not recognizing dns server correctly
  - From: Jeff <jcoppock1@attbi.com>

Prev by Date: snort not recognizing dns server correctly
Next by Date: Re: snort not recognizing dns server correctly
Previous by thread: snort not recognizing dns server correctly
Next by thread: Re: snort not recognizing dns server correctly
Index(es):
- Date
- Thread