[Snort-users] DNS SPOOF from my ISP's DNS servers
This is a discussion on [Snort-users] DNS SPOOF from my ISP's DNS servers within the Snort forums, part of the System Security and Security Related category; I regularly get messages like this in my logs: Jul 2 12:29:00 aldomedina snort: [1:254:2] DNS ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
07-03-2004
|
|||
|
|||
[Snort-users] DNS SPOOF from my ISP's DNS servers
I regularly get messages like this in my logs:
Jul 2 12:29:00 aldomedina snort: [1:254:2] DNS SPOOF query response with ttl: 1 min. and no authority [Classification: Potentially Bad Traffic] [Priority: 2]: {UDP} 200.23.242.196:53 -> mydinamicip:someport 200.23.242.196 is my ISP's DNS server. I suppose I shouldn't worry, but why am I getting this responses, and should I report them either to Telmex or to Snort false positives team?. TIA __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ------------------------------------------------------- This SF.Net email sponsored by Black Hat Briefings & Training. Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users 
|
Linear Mode
