Jeff, 2002-May-06 04:27 -0700: > dafr, 2002-May-03 10:52 -0700: > > Jeff, > > > > I had this problem initially as well when I reconfigured snort, until I > > restarted the service. Quite obvious in retrospect, but when I missed > > it initially, I could see others doing the same. > > > > There is also a section towards the bottom of the snort.conf file that > > you _also_ have to unhash, for DNS_SERVERS, IIRC, to actually activate > > the DNS filter. > > > > HTH, > > David > > David, > > Thanks for the pointer. I found the section and uncommented it > and then restarted snort. I'll be watching my logs and let you > know what I see.
After a couple of weeks with these settings, no more portscans are being registered by my dns servers. Thanks for you help David. jc -- Jeff Coppock Systems Engineer Diggin' Debian Admin and User -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
