Jeff, I had this problem initially as well when I reconfigured snort, until I restarted the service. Quite obvious in retrospect, but when I missed it initially, I could see others doing the same.
There is also a section towards the bottom of the snort.conf file that you _also_ have to unhash, for DNS_SERVERS, IIRC, to actually activate the DNS filter. HTH, David --- Jeff <[EMAIL PROTECTED]> wrote: > I have the following entry in /etc/snort/snort.conf > > var DNS_SERVERS [192.168.0.0/24,216.148.227.68/32,204.127.202.4/32] > > The 192... is a local private network and the next 2 addresses > are dns servers. Snort is constantly logging activity to the 1st > dns server as a portscan, and as I understand it, this config > entry is supposed to eliminate that. Is this incorrect? > > thanks, > jc > > -- > Jeff Coppock Systems Engineer > Diggin' Debian Admin and User __________________________________________________ Do You Yahoo!? Yahoo! Health - your guide to health and wellness http://health.yahoo.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
