On Fri, 2003-03-21 at 15:48, rmkml wrote: > Hi, > > I have a pb, > > start cmd : > $ dig @mydnspubip axfr > > Yes, I not have zone in request ! > > and my pb is: Firestorm not view this ! > > but if add zone in request : > $ dig @mydnspubip test.uk axfr > > ok Firestorm view this ... > > Prelude have same pb, > but snort view two request ... Can you post the rule that it is alerting on? Can you get me a tcpdump of the traffic with the minimum set of packets to make snort alert? Which version of snort are you using? Same rules in snort and firestorm right? ;) -- // Gianni Tedesco (gianni at scaramanga dot co dot uk) lynx --source www.scaramanga.co.uk/gianni-at-ecsc.asc | gpg --import 8646BE7D: 6D9F 2287 870E A2C9 8F60 3A3C 91B5 7669 8646 BE7D
Attachment:
signature.asc
Description: This is a digitally signed message part