[Snort-users] FAQ...

Christoph Ganser chganser at ...807...
Fri Nov 17 07:12:55 EST 2000


i am new to this list.

i have newly installed snort on a box checking a 512kb link. in a few day
we are goning to have a 10mb link.

as i am new to snort i just used all rules in the snort db. now i have
many many massages. 

my questions:

1. do you know a document, witch is going to help me to interpret all
messages? what is harmless and witch messages not. 

2. i get many port scan messages from the dns-servers. i read somewhere,
that i can set a dnsservers variable in the rules file.

something like 
var DNSSERVERS dns1.domain.tld dns3.domain.tld

but it didn't help much. what is wrong?

thanks and bye

Christoph Ganser
Zuerich, Switzerland
PGP http://www.uplink.ethz.ch/~chganser/pgp_keys.asc
Mobile: +41 76 580 72 90

More information about the Snort-users mailing list