Snort mailing list archives
DNS spoof
From: "Dr. Aldo Medina" <aldo_medina () yahoo com>
Date: Mon, 12 Jul 2004 21:04:46 -0700 (PDT)
I regularly get messages like this in my logs:

Jul 2 12:29:00 aldomedina snort: [1:254:2] DNS SPOOF query response with ttl: 1 min. and no authority [Classification: Potentially Bad Traffic] [Priority: 2]: {UDP} 200.23.242.196:53 -> mydinamicip:someport

200.23.242.196 is my ISP's DNS server. I suppose I shouldn't worry, but why am I getting these responses, and should I report them either to Telmex or to the Snort false positives team?

TIA
Current thread:
- DNS spoof Dr. Aldo Medina (Jul 12)
- <Possible follow-ups>
- RE: DNS spoof Dave Randolph (Jul 13)