Security Incidents mailing list archives

RE: DNS help

From: Tom Arseneault <TArseneault () counterpane com>
Date: Thu, 12 Dec 2002 13:24:40 -0800

He said it was a shadow IDS which uses tcpdump as the sensor.

-----Original Message-----
From: Valdis.Kletnieks () vt edu [mailto:Valdis.Kletnieks () vt edu]
Sent: Thursday, December 12, 2002 12:05 PM
To: larosa, vjay
Cc: incidents () securityfocus com
Subject: Re: DNS help 

On Thu, 12 Dec 2002 14:54:29 EST, "larosa, vjay" said:

That is exactly what I am trying to figure out. What is the meaning
of '[1au][|domain]'. 56162 is the DNS transaction ID. When a DNS server


What IDS produced the log?  Not knowing that, it's almost impossible to say.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

DNS help larosa, vjay (Dec 11)
- Re: DNS help Valdis . Kletnieks (Dec 12)
- <Possible follow-ups>
- RE: DNS help larosa, vjay (Dec 12)
  - Re: DNS help Valdis . Kletnieks (Dec 12)
  - Re: DNS help Matt Zimmerman (Dec 16)
- RE: DNS help Tom Arseneault (Dec 12)
- RE: DNS help Faron . Golden (Dec 12)