[Snort-users] dns servers
snortlst at ...125...
Fri Oct 19 11:56:09 EDT 2001
I see in the snort alert file a lot of entries like that:
dns server1 > firewall > ICMP unreachable
dns server2 > firewall > ICMP unreachable
(those are AT&T dns servers that are listed in DNS_SERVERS in snort.conf)
1. Why do I receive those messages? (They're supposed to be ignored because
of the DNS_SERVERS entry in snort.conf, right?)
2. Do you have any idea why dns servers send icmp traffic to our firewall?
(they're supposed to be talking udp-53 and that's it...)