[Snort-users] Bind Attack (newbie alert)

Bob Staaf rstaaf at ...1457...
Tue Mar 6 15:51:39 EST 2001


Hello all,

     Been running snort for a few hours now and ran into the following
situation.  I also run Portsentry on this server and it caught a portscan on
bind.  However, snort did not catch it.

Mar  6 15:13:48 swshost portsentry[573]: attackalert: UDP scan from host:
216.219.244.113/216.219.244.113 to UDP port: 53
Mar  6 15:13:48 swshost portsentry[573]: attackalert: Host:
216.219.244.113/216.219.244.113 is already blocked Ignoring

Any help in pointing me to the right places in my snort config to
troubleshoot this would be much appreciated!

Thanks

Bob





More information about the Snort-users mailing list