A little gotcha - well, as it relates to my reporter script
http://andrew.triumf.ca/pub/security/reporter/

The notes say to ignore DNS servers to avoid triggering the portscan
plugin. So I ignore the root nameservers, our onsite users use our
onsite nameservers, occasional DNS lookups are ignored, and everything
is OK.
Then someone brings a laptop onsite, forgets to reconfigure the
DNS from their home ISP, and does a lot of surfing. Result, 2 automated
complaints sent to their ISP (followed by manual "sorry! please ignore.").
I since fixed the script to ignore UDP source port 53.

Normally, I suppose, you would like to know about someone
misconfigured like this, but probably not to panic...

-- 
Andrew Daviel, TRIUMF, Canada
Tel. +1 (604) 222-7376
securitytriumf.ca
_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]