TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems! ---------------------------------------------------------------------------- Hey everyone, Before I begin, I am running RS 5 with the default settings for UDP port scans (30 ports, 30 Delta) I am seeing an inordinately large number of UDP port scans showing up on my console, seemingly from normal DNS operations. Pretty much all of them have DNS as the source or destination port. The question I have is why is this happening? First of all, how can a port scan have a "destination port"...by definition it means that there are multiple ports involved. Second, how can I stop this from happening so much? I don't want to filter out traffic to DNS completely, and as far as I can tell the delta setting isn't working in he first place...what can I do? Also, my other problem is that I am seeing the IDDuplicate signature triggered. The signature reports different MAC and IP addresses and the machines do not have hostnames assocaited with them. Am I missing something? Thanks, Dave -^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^- Dave O'Connor - Security Specialist StorageNetworks, Inc. Email: David.O'[EMAIL PROTECTED] Phone: (781) 622-6458 eFax: (413) 502-5917
