Security Incidents mailing list archives
RE: DNS help
From: Tom Arseneault <TArseneault () counterpane com>
Date: Thu, 12 Dec 2002 13:24:40 -0800
He said it was a shadow IDS which uses tcpdump as the sensor. -----Original Message----- From: Valdis.Kletnieks () vt edu [mailto:Valdis.Kletnieks () vt edu] Sent: Thursday, December 12, 2002 12:05 PM To: larosa, vjay Cc: incidents () securityfocus com Subject: Re: DNS help On Thu, 12 Dec 2002 14:54:29 EST, "larosa, vjay" said:
That is exactly what I am trying to figure out. What is the meaning of '[1au][|domain]'. 56162 is the DNS transaction ID. When a DNS server
What IDS produced the log? Not knowing that, it's almost impossible to say. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- DNS help larosa, vjay (Dec 11)
- Re: DNS help Valdis . Kletnieks (Dec 12)
- <Possible follow-ups>
- RE: DNS help larosa, vjay (Dec 12)
- Re: DNS help Valdis . Kletnieks (Dec 12)
- Re: DNS help Matt Zimmerman (Dec 16)
- RE: DNS help Tom Arseneault (Dec 12)
- RE: DNS help Faron . Golden (Dec 12)