I have the following entry in /etc/snort/snort.conf var DNS_SERVERS [192.168.0.0/24,216.148.227.68/32,204.127.202.4/32]
The 192... is a local private network and the next 2 addresses are dns servers. Snort is constantly logging activity to the 1st dns server as a portscan, and as I understand it, this config entry is supposed to eliminate that. Is this incorrect? thanks, jc -- Jeff Coppock Systems Engineer Diggin' Debian Admin and User -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
