Snort mailing list archives
Re: DNS SPOOF query response with ttl: 1 min. and no authority
From: "James" <the_saint_james () yahoo com>
Date: Sun, 16 Dec 2001 01:07:34 -0700
So dig thinks it finds a nameserver at tully.cablevision.com, but I get nothing back.. I wouldn't say that tells us much about whether it's been DDoS'ed or whatever.
Thanks for clearing up the NS not responding vs NS responding, but no records.
What sort of response were you expecting? What prompted the query to 216.blah.blah in the first place?
Who knows ! Many users (ISP) use this NS so logging is not deep enough to see the whole trail of DSN queries and responses. So the context is lost and this is just a packet Snort did not like. Maybe Santa will bring me that syslog server I have been asking work for, then I can really see the big picture. _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- DNS SPOOF query response with ttl: 1 min. and no authority David E. Gianndrea (Dec 14)
- Re: DNS SPOOF query response with ttl: 1 min. and no authority John Sage (Dec 14)
- Re: DNS SPOOF query response with ttl: 1 min. and no authority John Sage (Dec 15)
- Re: DNS SPOOF query response with ttl: 1 min. and no authority James (Dec 15)
- Re: DNS SPOOF query response with ttl: 1 min. and no authority John Sage (Dec 15)
- Re: DNS SPOOF query response with ttl: 1 min. and no authority James (Dec 16)
- Re: DNS SPOOF query response with ttl: 1 min. and no authority John Sage (Dec 15)
- Re: DNS SPOOF query response with ttl: 1 min. and no authority John Sage (Dec 14)