[Snort-users] Not ignoring DNS servers
pauls at ...3346...
Thu Sep 6 11:23:05 EDT 2001
That appears to be a windoze problem. I have a small firewall set up at
home for the house to browse though and the only hosts that generate that
error are the windoze machines.
There's my tidbit...
On Thu, 6 Sep 2001, Snoopy wrote:
> Date: Thu, 6 Sep 2001 14:15:32 -0400
> From: Snoopy <wayne at ...3179...>
> To: Paul Slinski <pauls at ...3346...>, snort-users at lists.sourceforge.net
> Subject: RE: [Snort-users] Not ignoring DNS servers
> I have the same problems somewhat. I have even put the IPs in the
> preprocessor line instead of the $DNS_SERVER variable. Actually I
> have tried both ways. I am running the Windows port of snort on a
> win2k box. The error is
> MISC source port 53 to < 1024 10.X.X.X 10.Y.Y.Y UDP.
> We are running What's Up as a SNMP trap monitor as well as some
> service monitoring.
> -----Original Message-----
> From: snort-users-admin at lists.sourceforge.net
> [mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of Paul
> Sent: Thursday, September 06, 2001 1:50 PM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] Not ignoring DNS servers
> I have snort set up the following way in snort.conf (snort rules from
> snort site):
> var DNS_SERVERS [18.104.22.168/32,22.214.171.124/32]
> preprocessor portscan-ignorehosts: $DNS_SERVERS
More information about the Snort-users