[Snort-users] spp

niko at ...2371... niko at ...2371...
Sat Jun 30 08:25:01 EDT 2001


  I am still getting bombarded with spp_portscan messages even though the
IP that I am getting the portscan from is in my $DNS_SERVERS var.

Here is a modified snippet:


var DNS_SERVERS [xxx.xx.0.3,xxx.xx.0.2]


  The .0.2 is the one I am still receiving.  Any ideas??




