[Snort-users] Not ignoring DNS servers

Paul Slinski pauls at ...3346...
Thu Sep 6 10:58:06 EDT 2001


I have snort set up the following way in snort.conf (snort rules from
snort site):

var DNS_SERVERS [206.191.0.140/32,206.191.0.210/32]

and

preprocessor portscan-ignorehosts: $DNS_SERVERS

Yet snort still reports:
[**] [1:0:0] ICMP Destination Unreachable (Port Unreachable) [**]
09/06-00:02:01.200180 206.191.19.2 -> 206.191.0.210
ICMP TTL:255 TOS:0xC0 ID:51451 IpLen:20 DgmLen:141
Type:3 Code:3 DESTINATION UNREACHABLE: PORT UNREACHABLE
** ORIGINAL DATAGRAM DUMP:
206.191.0.210:53 -> 206.191.19.2:4611
UDP TTL:253 TOS:0x0 ID:13975 IpLen:20 DgmLen:113
Len: 93
** END OF DUMP

Any ideas?

-Paul





More information about the Snort-users mailing list