[Snort-users] Cannot find alert

waldo kitty wkitty42 at ...14940...
Wed Feb 9 22:46:22 EST 2011


On 2/9/2011 12:59, Michael Lubinski wrote:
> I cannot find this alert for the life of me;
>
> "DNS SPOOF query response with TTL of 1 min. and no authority"
>
> using the command;
>
> grep -i "INSERT NUMEROUS SYNTAX'S" /etc/snort/gen-msg.map
>
> I seem to keep having issues finding certain alerts at times. Am I looking in
> the wrong place or is my .map file incorrect?

in addition to the other recommendations to look in the sid-msg.map file, 
perhaps looking for the "DNS SPOOF" alert text would make a difference? ;)

i don't think i've ever seen a rule with the msg text of "insert numerous 
syntax's" and have no clue where you might be seeing that :?
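The lookup suggested in this reply, as an added example that is not part of the original thread: search the message text in both map files and report which file and ID it belongs to. The function names, the assumed `||`-separated layouts, and the sample entries (with placeholder SIDs) are constructed for illustration.

```shell
#!/bin/sh
# find_alert TEXT MAPFILE...
# Case-insensitive, literal (non-regex) search of the msg field in Snort map files.
# Assumed layouts (fields separated by "||"):
#   sid-msg.map:  SID || MSG || reference ...
#   gen-msg.map:  GID || ALERT-ID || MSG
# The layout is picked from the file name; text rules are reported under GID 1.
find_alert() {
    needle=$1; shift
    for map in "$@"; do
        [ -r "$map" ] || { echo "skip: cannot read $map" >&2; continue; }
        # The needle goes through the environment so awk does not interpret backslashes in it.
        NEEDLE="$needle" awk -F ' *[|][|] *' -v file="$map" '
            BEGIN { n = tolower(ENVIRON["NEEDLE"]); gen = (file ~ /gen-msg\.map$/) }
            /^[ \t]*(#|$)/ { next }          # skip comments and blank lines
            {
                msg = gen ? $3 : $2
                id  = gen ? ($1 ":" $2) : ("1:" $1)
                if (index(tolower(msg), n)) print file "\t" id "\t" msg
            }' "$map"
    done
}

# Constructed sample maps; the SIDs are placeholders, not the real rule IDs.
make_sample_maps() {
    printf '%s\n' '# constructed sample' \
        '1000001 || DNS SPOOF query response with TTL of 1 min. and no authority || url,example.invalid/ref' \
        '1000002 || DNS zone transfer TCP' > "$1/sid-msg.map"
    printf '%s\n' '# constructed sample' \
        '1 || 1 || snort general alert' \
        '105 || 1 || spp_bo: Back Orifice Traffic detected' > "$1/gen-msg.map"
}

# Demo: the rule message is found in sid-msg.map, not in gen-msg.map.
d=$(mktemp -d) && make_sample_maps "$d"
find_alert 'dns spoof' "$d/gen-msg.map" "$d/sid-msg.map"
rm -rf "$d"
```

On a real sensor the call would be `find_alert 'DNS SPOOF' /etc/snort/gen-msg.map /etc/snort/sid-msg.map`, with the sid-msg.map path adjusted to wherever the installation keeps it.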



