Snort mailing list archives

Re: Name resolution


From: Kendall Lister <krl () cs mu OZ AU>
Date: Fri, 18 May 2001 09:40:21 +1000 (EST)

On Thu, 17 May 2001, Subba Rao wrote:

> This is going to be a very basic question. I do see (on a daily basis)
> attempts to connect to the sunrpc services (port 111). When I try to
> resolve the IP address, I always get,
>
> *** myhost.mydom.com can't find sys.no.edu: Non-existent host/domain
>
> How are these hackers conducting the hacks? They should get some
> response back from my machine. If their host/domain does not exist,
> then where are the replies from my system going?

There is no need for a particular IP address to have a corresponding DNS
host name; all TCP/IP traffic actually occurs between hosts identified
by IP addresses. So, for example, you could "telnet aa.bb.cc.dd" to try to
connect to the systems that are probing you - you don't need to use a host
name to get through.

Kendall
krl () cs mu oz au
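
Added example, not part of the original message: a small triage script that counts port 111 probes per source IP and treats the reverse (PTR) lookup as optional, since a source address works without a host name. The alert lines are constructed samples in Snort fast-alert style, and the function names and the stub resolver are assumptions made for illustration.

```python
import re
import socket
from collections import Counter

# Constructed sample alerts (documentation address ranges, not real sources).
SAMPLE_ALERTS = """\
05/17-03:12:44.101010 [**] constructed portmap probe [**] {TCP} 192.0.2.15:1012 -> 198.51.100.7:111
05/17-03:12:45.202020 [**] constructed portmap probe [**] {UDP} 192.0.2.15:1013 -> 198.51.100.7:111
05/17-04:40:02.303030 [**] constructed portmap probe [**] {TCP} 203.0.113.9:4021 -> 198.51.100.7:111
05/17-05:01:10.404040 [**] constructed web alert [**] {TCP} 203.0.113.9:4022 -> 198.51.100.7:80
"""

# Matches the "{PROTO} src:port -> dst:port" tail of a fast-alert line.
FLOW = re.compile(
    r"\{(TCP|UDP)\} (\d+\.\d+\.\d+\.\d+):(\d+) -> (\d+\.\d+\.\d+\.\d+):(\d+)"
)

def system_ptr_lookup(ip):
    """Reverse (PTR) lookup; returns None when the address has no name."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:  # covers socket.herror and socket.gaierror
        return None

def portmap_sources(alert_text, port=111):
    """Count alerts per source IP whose destination port is `port`."""
    counts = Counter()
    for line in alert_text.splitlines():
        m = FLOW.search(line)
        if m and int(m.group(5)) == port:
            counts[m.group(2)] += 1
    return counts

def report(alert_text, resolver=system_ptr_lookup):
    """Rows of (source IP, hits, name); the IP is the key, the name is extra."""
    return [
        (ip, hits, resolver(ip) or "(no PTR record)")
        for ip, hits in portmap_sources(alert_text).most_common()
    ]

if __name__ == "__main__":
    # Offline stub resolver (hypothetical): every lookup fails, as in the post.
    for ip, hits, name in report(SAMPLE_ALERTS, resolver=lambda ip: None):
        print(f"{ip:<15} {hits:>3} probes  {name}")
```

A failed lookup only leaves the name column empty; the per-address counts are complete either way.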

