[Snort-users] Bind Attack (newbie alert)

Utopian Admin admin at ...1419...
Tue Mar 6 19:29:35 EST 2001

Is it possible portsentry intercepted the "attack" before snort got a chance
to?  I know portsentry can block via "route reject" and TCP wrappers.


-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of Bob Staaf
Sent: Tuesday, March 06, 2001 2:52 PM
To: Snort-users at lists.sourceforge.net
Subject: [Snort-users] Bind Attack (newbie alert)

Hello all,

     Been running snort for a few hours now and ran into the following
situation.  I also run Portsentry on this server and it caught a portscan on
bind.  However, snort did not catch it.

Mar  6 15:13:48 swshost portsentry[573]: attackalert: UDP scan from host: to UDP port: 53
Mar  6 15:13:48 swshost portsentry[573]: attackalert: Host: is already blocked Ignoring

Any help in pointing me to the right places in my snort config to
troubleshoot this would be much appreciated!



Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:

More information about the Snort-users mailing list