ok join tcpdump.
first session not view with firestorm/prelude,
second session view with all firestorm/prelude/snort.

I use snort 191b233, and firestorm 053pre.

Regard.

Gianni Tedesco wrote:

> On Fri, 2003-03-21 at 15:48, rmkml wrote:
> > Hi,
> >
> > I have a pb,
> >
> > start cmd :
> > $ dig @mydnspubip axfr
> >
> > Yes, I not have zone in request !
> >
> > and my pb is: Firestorm not view this !
> >
> > but if add zone in request :
> > $ dig @mydnspubip test.uk axfr
> >
> > ok Firestorm view this ...
> >
> > Prelude have same pb,
> > but snort view two request ...
>
> Can you post the rule that it is alerting on? Can you get me a tcpdump
> of the traffic with the minimum set of packets to make snort alert?
>
> Which version of snort are you using?
>
> Same rules in snort and firestorm right? ;)
>
> --
> // Gianni Tedesco (gianni at scaramanga dot co dot uk)
> lynx --source www.scaramanga.co.uk/gianni-at-ecsc.asc | gpg --import
> 8646BE7D: 6D9F 2287 870E A2C9 8F60 3A3C 91B5 7669 8646 BE7D
>
> ------------------------------------------------------------------------
> Name: signature.asc
> signature.asc Type: application/pgp-signature
> Description: This is a digitally signed message part

Attachment:
dnsaxfrtcp.tcpdump.gz
Description: GNU Zip compressed data