Re: snort not recognizing dns server correctly
Jeff,
I had this problem initially as well when I reconfigured snort, until I
restarted the service. Quite obvious in retrospect, but when I missed
it initially, I could see others doing the same.
There is also a section towards the bottom of the snort.conf file that
you _also_ have to unhash, for DNS_SERVERS, IIRC, to actually activate
the DNS filter.
HTH,
David
--- Jeff <jcoppock1@attbi.com> wrote:
> I have the following entry in /etc/snort/snort.conf
>
> var DNS_SERVERS [192.168.0.0/24,216.148.227.68/32,204.127.202.4/32]
>
> The 192... is a local private network and the next 2 addresses
> are dns servers. Snort is constantly logging activity to the 1st
> dns server as a portscan, and as I understand it, this config
> entry is supposed to eliminate that. Is this incorrect?
>
> thanks,
> jc
>
> --
> Jeff Coppock Systems Engineer
> Diggin' Debian Admin and User
__________________________________________________
Do You Yahoo!?
Yahoo! Health - your guide to health and wellness
http://health.yahoo.com
--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: