I'm pretty sure that it is real. I'll keep watching for a while before I filter it out.
Doug Gough
-----Original Message-----
From: Yoann Vandoorselaere [SMTP:[EMAIL PROTECTED]]
Sent: Friday, May 11, 2001 11:11 AM
To: Doug Gough
Cc: '[EMAIL PROTECTED]'
Subject: Re: [Cooker] prelude ids questions
Doug Gough <[EMAIL PROTECTED]> writes:
> Maybe someone here can help me. I would like to be able to tell prelude ids
> to stop logging the scans from our isp's dns server. Is there a way to tell
> it to ignore stuff from one particular ip? I am using cookfire rc1. Perhaps
> you could point me to some documentation. I have looked at the prelude web
> page, but the documentation is aimed at developers.
yop, use a BPF rule, like with tcpdump... for example:
prelude -i eth0 '! src host x.x.x.x'
PS: is this scan real, or does it seem to you
like a false positive?
--
Yoann Vandoorselaere | "Programming is a race between programmers, who try and
MandrakeSoft | make more and more idiot-proof software, and universe,
| which produces more and more remarkable idiots. Until
| now, universe leads the race" -- R. Cook