[Snort-users] DNS portscans

shawn . moyer shawn at ...1184...
Wed Mar 14 13:38:51 EST 2001


Add the DNS server to portscan-ignore-hosts.


--shawn




Bob Van Cleef wrote:
> 
> The below scans have been showing up a lot lately as use of our VPN
> network grows.  The logs make it look like our DNS server / Web server is
> scanning our VPN network.
> 
> Bob
> -*> Snort! <*-
> Version 1.7
> 
> Mar 13 13:49:44 WEB-DNS-SERVER-IP:53 -> VPN-ROUTER-IP:2267 UDP
> Mar 13 13:49:44 WEB-DNS-SERVER-IP:53 -> VPN-ROUTER-IP:2270 UDP
> Mar 13 13:49:45 WEB-DNS-SERVER-IP:53 -> VPN-ROUTER-IP:2274 UDP
> Mar 13 13:49:45 WEB-DNS-SERVER-IP:53 -> VPN-ROUTER-IP:2277 UDP
> Mar 13 13:49:52 WEB-DNS-SERVER-IP:53 -> VPN-ROUTER-IP:2281 UDP
> Mar 13 15:43:15 WEB-DNS-SERVER-IP:53 -> VPN-ROUTER-IP:3402 UDP
> Mar 13 15:43:16 WEB-DNS-SERVER-IP:53 -> VPN-ROUTER-IP:3405 UDP
> Mar 13 15:43:16 WEB-DNS-SERVER-IP:53 -> VPN-ROUTER-IP:3408 UDP
> Mar 13 15:43:16 WEB-DNS-SERVER-IP:53 -> VPN-ROUTER-IP:3410 UDP
> Mar 13 16:45:28 WEB-DNS-SERVER-IP:53 -> VPN-ROUTER-IP:3140 UDP
> Mar 13 16:45:28 WEB-DNS-SERVER-IP:53 -> VPN-ROUTER-IP:3142 UDP
> Mar 13 16:45:29 WEB-DNS-SERVER-IP:53 -> VPN-ROUTER-IP:3146 UDP
> Mar 13 16:45:29 WEB-DNS-SERVER-IP:53 -> VPN-ROUTER-IP:3149 UDP
> Mar 13 16:45:29 WEB-DNS-SERVER-IP:53 -> VPN-ROUTER-IP:3152 UDP
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users

-- 

s h a w n   m o y e r
shawn at ...1184...

The universe did not invent justice; man did. 
Unfortunately, man must reside in the universe.

                                        -- Zelazny




More information about the Snort-users mailing list