Snort mailing list archives
RE: DNS spoof
From: "Dave Randolph" <drandolph () nstarbank com>
Date: Tue, 13 Jul 2004 10:40:57 -0500
I get tons of these from some Verizon name servers. Drives me crazy. A verdict on the correct procedure would be great. The last time I spoke to Verizon about problems on their end nothing really happened so I'm reluctant to call them & try to work through it.
-----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net]On Behalf Of Dr. Aldo Medina Sent: Monday, July 12, 2004 11:05 PM To: snort-users () lists sourceforge net Subject: [Snort-users] DNS spoof I regularly get messages like this in my logs: Jul 2 12:29:00 aldomedina snort: [1:254:2] DNS SPOOF query response with ttl: 1 min. and no authority [Classification: Potentially Bad Traffic] [Priority: 2]: {UDP} 200.23.242.196:53 -> mydinamicip:someport 200.23.242.196 is my ISP's DNS server. I suppose I shouldn't worry, but why am I getting this responses, and should I report them either to Telmex or to Snort false positives team?. TIA __________________________________ Do you Yahoo!? Yahoo! Mail is new and improved - Check it out! http://promotions.yahoo.com/new_mail ------------------------------------------------------- This SF.Net email sponsored by Black Hat Briefings & Training. Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
##################################################################################### This email has been scanned by MailMarshal, an email content filter. Please contact Administrator () nstarbank com if you have any questions or comments. Thank you. ##################################################################################### ------------------------------------------------------- This SF.Net email sponsored by Black Hat Briefings & Training. Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- DNS spoof Dr. Aldo Medina (Jul 12)
- <Possible follow-ups>
- RE: DNS spoof Dave Randolph (Jul 13)