[Snort-users] False positives from DNS servers
bmc at ...312...
Thu Mar 15 10:41:39 EST 2001
Siddhartha Jain wrote:
> I have the following entry in snort.conf :-
> var DNS_SERVERS
> I still get portscan alerts from these hosts in ~logdir/log and
That's because DNS_SERVERS is in there for a reference.
Do you have the following?
preprocessor portscan-ignorehosts: $DNS_SERVERS
The MITRE Corporation