[Snort-users] Not ignoring DNS servers

Paul Slinski pauls at ...3346...
Thu Sep 6 11:23:05 EDT 2001


That appears to be a windoze problem. I have a small firewall set up at
home for the house to browse though and the only hosts that generate that
error are the windoze machines.

There's my tidbit...
-Paul

On Thu, 6 Sep 2001, Snoopy wrote:

> Date: Thu, 6 Sep 2001 14:15:32 -0400
> From: Snoopy <wayne at ...3179...>
> To: Paul Slinski <pauls at ...3346...>, snort-users at lists.sourceforge.net
> Subject: RE: [Snort-users] Not ignoring DNS servers
>
> Dudes,
>
> I have the same problems somewhat. I have even put the IPs in the
> preprocessor line instead of the $DNS_SERVER variable. Actually I
> have tried both ways.  I am running the Windows port of snort on a
> win2k box. The error is
>
> MISC source port 53 to < 1024  10.X.X.X 10.Y.Y.Y UDP.
>
> We are running What's Up as a SNMP trap monitor as well as some
> service monitoring.
>
> Wayne
>
> -----Original Message-----
> From: snort-users-admin at lists.sourceforge.net
> [mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of Paul
> Slinski
> Sent: Thursday, September 06, 2001 1:50 PM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] Not ignoring DNS servers
>
>
> I have snort set up the following way in snort.conf (snort rules from
> snort site):
>
> var DNS_SERVERS [206.191.0.140/32,206.191.0.210/32]
>
> and
>
> preprocessor portscan-ignorehosts: $DNS_SERVERS
>





More information about the Snort-users mailing list