
Configuration

By default, all alerts are disabled and the preprocessor checks traffic on port 53.

The available configuration options are described below.

116.
ports { <port> [<port> <...>] }

This option specifies the source ports on which the DNS preprocessor should inspect traffic.

117.
enable_obsolete_types

Alert on Obsolete (per RFC 1035) Record Types

118.
enable_experimental_types

Alert on Experimental (per RFC 1035) Record Types

119.
enable_rdata_overflow

Check for DNS Client RData TXT Overflow

The DNS preprocessor does nothing if none of the 3 vulnerabilities it checks for are enabled. It will not operate on TCP sessions picked up midstream, and it will cease operation on a session if it loses state because of missing data (dropped packets).
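Because a DNS preprocessor line with no enable_* option loads but inspects nothing, a configuration check can catch that case before deployment. The following is an added example, not part of the Snort distribution: a small Python lint that reads snort.conf text, finds each "preprocessor dns" directive and reports its ports, the checks it enables, and whether it is inert. The function name, the result keys and the sample configuration are constructed for illustration.

```python
import re

# The three checks listed on this page; with none enabled the preprocessor does nothing.
DNS_CHECKS = ("enable_obsolete_types", "enable_experimental_types",
              "enable_rdata_overflow")
DEFAULT_PORTS = [53]  # per the page, port 53 is checked by default

def parse_dns_preprocessor(conf_text):
    """Return one dict per 'preprocessor dns' directive found in conf_text."""
    # Join backslash-continued lines so each directive sits on one line.
    text = re.sub(r"\\[ \t]*\n", " ", conf_text)
    results = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        m = re.match(r"preprocessor\s+dns\s*(?::\s*(.*))?$", line)
        if not m:
            continue
        args = m.group(1) or ""
        ports = list(DEFAULT_PORTS)
        pm = re.search(r"\bports\s*\{([^}]*)\}", args)
        if pm:
            ports = [int(p) for p in pm.group(1).split()]
            args = args[:pm.start()] + args[pm.end():]
        tokens = args.split()
        enabled = [t for t in tokens if t in DNS_CHECKS]
        unknown = [t for t in tokens if t not in DNS_CHECKS]  # likely typos
        results.append({"ports": ports, "enabled": enabled,
                        "unknown": unknown, "inert": not enabled})
    return results

# Constructed sample: the first directive enables no check, the second enables two.
SAMPLE_CONF = """\
# preprocessor dns: enable_rdata_overflow   (commented out, ignored)
preprocessor dns: ports { 53 }
preprocessor dns: ports { 53 5353 } \\
    enable_rdata_overflow enable_obsolete_types
"""

if __name__ == "__main__":
    for d in parse_dns_preprocessor(SAMPLE_CONF):
        state = "INERT (no checks enabled)" if d["inert"] else ", ".join(d["enabled"])
        print(f"ports={d['ports']} -> {state}")
        if d["unknown"]:
            print("  unrecognised options:", d["unknown"])
```
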



Eugene Misnik 2013-05-08