[Snort-users] Secure - NSLOOKUP

Scott A. McIntyre scott at ...1050...
Sun Jan 28 16:30:44 EST 2001

> I'm also in complete agreement that it is TOTALLY not snort's job to do DNS
> lookups on addresses. I mean, who runs Apache with HostNameLookup turned on?
> [if yes - you're site must be pretty low-volume]
> This "problem" needs the same solution as Apache uses - namely build the DNS
> lookups into the analysis tools - not the actual processor itself. 

<advocate mode="Devil">

It would be nice, at times, during a snort replay (-r) to have DNS
enabled for the sake of visual/mental convenience.


More information about the Snort-users mailing list