[Snort-users] Dynamic Addresses

Dave Fitches sticks.au at ...375...
Tue Apr 10 10:28:53 EDT 2001


Can someone tell me if this is right??

I want Snort to ignore portscan alerts from the DNS servers and game servers
I connect to...
I ALSO want to get snort to ignore any port 53 activity to/from me and my
DNS servers... can't figure that one out... [Probably me being thick....]


# Define the addresses of DNS servers and other hosts
# if you want to ignore portscan false alarms from them...

var DNS_SERVERS [203.164.20.147/32,203.164.20.148/32]
var GAME_SERVERS [203.164.3.195/32,203.164.3.209/32,203.164.3.207/32]


# Use portscan-ignorehosts to ignore TCP SYN and UDP "scans" from
# specific networks or hosts to reduce false alerts. It is typical
# to see many false alerts from DNS servers so you may want to
# add your DNS servers here. You can all multiple hosts/networks
# in a whitespace-delimited list.

preprocessor portscan-ignorehosts: $DNS_SERVERS $GAME_SERVERS





- -

    = Dave Fitches =

________________________________________________________
 ,--__|\    David Fitches
/       \   * ICQ : 2120090   * SATCO CID : 955589
\_,--\__/   * Mobile : +61-419-466-744
       v    * E-mail : sticks.au at ...375...
               Melbourne, Victoria, Australia
               Web: http://www.bigfoot.com/~sticks.au/
_______________________________________________________
Please Note: Unless this e-mail has been sent as PRIVATE, PERSONAL or
CONFIDENTIAL, the receiver may forward copies of it on the condition  that
they send an advisory message to the original sender.
If however the message has been marked PRIVATE, PERSONAL or CONFIDENTIAL
prior consent MUST be obtained before the message can be forwarded.





