Snort mailing list archives
RE: When does snort/ACID do DNS lookups
From: todb () planb-security net
Date: Thu, 3 Jun 2004 16:28:51 -0500 (CDT)
The DNS cache capability is needed, but doesn't appear to be bug free. ;)
Just to drop in $0.02... Personally, I hardly ever need to know a DNS name of an attacker, and I'd be pretty uncomfortable with my IDS infrastructure automatically kicking off lookups using potentially hostile DNS servers under the control of an attacker. About the only time I ever do DNS lookups on attackers any more is when I'm interested in the machine name, and if it has any magic words in it like "proxy", "squid", or "isa" in the machine name.
-Tod
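The concern raised in the message above, as an added example that is not part of the original post or of Snort/ACID: a reverse lookup run only when an analyst asks for it, with the PTR answer treated as untrusted input and checked for the keywords the post names. The function names, the strict hostname rule, and the matching heuristic (substring for longer words, whole token for the short "isa") are assumptions made for this sketch.

```python
import re
import socket

# Keywords named in the post.
PROXY_WORDS = ("proxy", "squid", "isa")

# Strict letters-digits-hyphen label (assumption: names with any other
# character, underscores included, are rejected rather than displayed).
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def sanitize_ptr(name):
    """Return the lower-cased hostname, or None if the PTR answer is not a
    plain hostname. The answer may come from a DNS server the attacker
    controls, so it is validated before being shown or stored."""
    if not isinstance(name, str):
        return None
    name = name.rstrip(".").lower()
    if not name or len(name) > 253:
        return None
    if all(_LABEL.fullmatch(label) for label in name.split(".")):
        return name
    return None


def proxy_hints(name):
    """Return the keywords found in a PTR name, in PROXY_WORDS order."""
    clean = sanitize_ptr(name)
    if clean is None:
        return []
    tokens = [t for t in re.split(r"[^a-z]+", clean) if t]
    hits = []
    for word in PROXY_WORDS:
        if len(word) >= 5:
            found = any(word in t for t in tokens)   # e.g. "webproxy"
        else:
            found = word in tokens                   # "isa", not "visa"
        if found:
            hits.append(word)
    return hits


def lookup_on_demand(ip):
    """Analyst-triggered reverse lookup; not meant for the alert path."""
    try:
        raw = socket.gethostbyaddr(ip)[0]
    except OSError:          # covers socket.herror and socket.gaierror
        return None, []
    return sanitize_ptr(raw), proxy_hints(raw)
```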
Current thread:
- When does snort/ACID do DNS lookups Humes, David G. (Jun 03)
- RE: When does snort/ACID do DNS lookups Adriel T. Desautels (Jun 03)
- RE: When does snort/ACID do DNS lookups todb (Jun 03)
- <Possible follow-ups>
- RE: When does snort/ACID do DNS lookups Truax, Shawn (MBS) (Jun 04)
- RE: When does snort/ACID do DNS lookups Adriel T. Desautels (Jun 03)