[Snort-users] False positives from DNS servers
s_i_d_j at ...131...
Thu Mar 15 10:45:36 EST 2001
Thanks for the responses. Now i have included "preprocessor
portscan-ignorehosts: $DNS_SERVERS" in the config file.
----- Original Message -----
From: "Brian Caswell" <bmc at ...312...>
To: "Siddhartha Jain" <s_i_d_j at ...131...>
Cc: <snort-users at lists.sourceforge.net>
Sent: Thursday, March 15, 2001 9:11 PM
Subject: Re: [Snort-users] False positives from DNS servers
> Siddhartha Jain wrote:
> > Hi,
> > I have the following entry in snort.conf :-
> > var DNS_SERVERS
> > [18.104.22.168/32,22.214.171.124/32,126.96.36.199/32,188.8.131.52/32]
> > I still get portscan alerts from these hosts in ~logdir/log and
> > ~logdir/portscan.log
> Thats because DNS_SERVERS is in there for a reference.
> Do you have the following?
> preprocessor portscan-ignorehosts: $DNS_SERVERS
> Brian Caswell
> The MITRE Corporation
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com
More information about the Snort-users