Snort mailing list archives
RE: DNS 53 <-> 53 ?
From: "Jens Hassler" <j.hassler () gmx net>
Date: Wed, 18 Jul 2001 08:26:29 +0200
Hi Graeme,
14:21:22.145075 < 0:b0:c2:8b:bd:3 0:0:0:0:0:1 ip 78: 14:54:26.078810 < 0:b0:c2:8b:bd:3 0:0:0:0:0:1 ip 79: 15:17:42.677608 < 0:b0:c2:8b:bd:3 0:0:0:0:0:1 ip 83:
Let me guess... your Snort box is effectively *outside* your router/firewall, right?
Snort is running on the same box as the firewall. It's connected to the router which is connected to the Internet.
Snort is seeing the HW address of your router/firewall.
Yeah, you're right... Thanks a lot for your info, I just thought over it and how routing works. I think I got it now :-) I'll write a mail to the admins of these three IPs to find out why they're forwarding DNS traffic to our machine. Bye, Jens _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: DNS 53 <-> 53 ?, (continued)
- Re: DNS 53 <-> 53 ? Ramin Alidousti (Jul 17)
- RE: DNS 53 <-> 53 ? John Berkers (Jul 17)
- Re: DNS 53 <-> 53 ? Ramin Alidousti (Jul 17)
- RES: DNS 53 <-> 53 ? Marcus Rocha (Jul 17)
- RE: DNS 53 <-> 53 ? John Berkers (Jul 17)
- Re: DNS 53 <-> 53 ? Blake Frantz (Jul 17)
- Re: DNS 53 <-> 53 ? Ramin Alidousti (Jul 17)
- RE: DNS 53 <-> 53 ? Jens Hassler (Jul 17)
- RE: DNS 53 <-> 53 ? Jens Hassler (Jul 17)
- RE: DNS 53 <-> 53 ? Graeme Fowler (Jul 17)
- Re: DNS 53 <-> 53 ? Ramin Alidousti (Jul 17)
- RE: DNS 53 <-> 53 ? Jens Hassler (Jul 17)
- Re: DNS 53 <-> 53 ? Ramin Alidousti (Jul 17)