[Snort-users] Bind Attack (newbie alert)
rstaaf at ...1457...
Tue Mar 6 15:51:39 EST 2001
Been running snort for a few hours now and ran into the following
situation. I also run Portsentry on this server and it caught a portscan on
bind. However, snort did not catch it.
Mar 6 15:13:48 swshost portsentry: attackalert: UDP scan from host:
220.127.116.11/18.104.22.168 to UDP port: 53
Mar 6 15:13:48 swshost portsentry: attackalert: Host:
22.214.171.124/126.96.36.199 is already blocked Ignoring
Any help in pointing me to the right places in my snort config to
troubleshoot this would be much appreciated!
More information about the Snort-users