[Snort-users] couple questions

Karen Marino kmarino at ...3598...
Tue Oct 2 10:45:03 EDT 2001


Sorry I meant to reply to the group.  

I have a question about this alert also, is it possible to monitor this
rule but exclude port 53 to 53 on only my dns servers?

Thanks,
Karen


-----Original Message-----
From: Ilya [mailto:mail at ...3442...] 
Sent: Tuesday, October 02, 2001 12:22 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] couple questions

I have two questions :
1 how can i stop this
10/02-00:15:28.424495  [**] [1:515:2] MISC source port 53 to <1024 [**]
[Classification: Potentially  Bad Traffic] [Priority: 2] {UDP}
xx.xx.xx.xx:53 -> xx.xx.xx.xx:53

i run a dns server, so this traffic should be ok. but i still want to be
notified about everything else "Potentially Bad".

Also in snort.conf I setup :
output alert_syslog: LOG_LOCAL5
but nothing goes to the syslog. however everything is logged to usual
files.
I am running freebsd 4.4

thx


_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




More information about the Snort-users mailing list