Snort mailing list archives
Re: DNS zone transfer?
From: "Marek Gutkowski" <hobbit () maxus com pl>
Date: Thu, 5 Jul 2001 20:50:43 +0200
----- Original Message ----- From: "Kiira Triea" <kiira-t () mail bsasinc org> To: <snort-users () lists sourceforge net> Sent: Thursday, July 05, 2001 6:48 PM Subject: Re: [Snort-users] DNS zone transfer?
Hi,I find it in my logs regularly. The first computer (initiating the connection) is a www/mail server, nothing to do with DNS, running under Linux.Oh that has a *lot* to do with dns... sendmail and bind are married.
Are qmail and NT DNS Server also married? :)
Well if the originating machine is a mail server then it would naturally be doing dns lookups in order to send mail out to plopmail.com and so connecting on port 53 (dns) of the NT running dns server. What makes you think this is an attempt at a zone transfer... that only happens between two DNS servers.
I read the RFC and now I'm wiser :) I thought that all DNS queries go as UDP packets. I was wrong. Snort was also wrong :) Thanks, Marek _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- DNS zone transfer? Marek Gutkowski (Jul 04)
- Re: DNS zone transfer? Kiira Triea (Jul 05)
- Re: DNS zone transfer? Blake Frantz (Jul 05)
- Re: DNS zone transfer? Marek Gutkowski (Jul 05)
- Re: DNS zone transfer? James Hoagland (Jul 11)
- Re: DNS zone transfer? Kiira Triea (Jul 05)