[Snort-users] DNS portscan alerts
Leigh David Heyman
leigh at ...5300...
Fri Mar 15 09:21:07 EST 2002
> I did'nt have this problem when i used to run bind, It used to run on
> the public interface though.
Of course you didn't if you were running snort on the local interface, and
bind on the public interface. I imagine if you run bind on the local
interface you'd get the same effect
> How can i tell snort to ignore this portscans, I cannot list every DNS
> server in the portscan-ignorehosts.
will this work? Defining a network without your DNS server(s)
var HOME_NET_NODNS [$HOME_NET,!your.dns.ip/32]
preprocessor portscan: $HOME_NET_NODNS 4 3 portscan.log
The difference between the right word and the almost right word is the
difference between lightning and the lightning bug.
-- Mark Twain
More information about the Snort-users