Snort mailing list archives

RE: DNS spoof

From: "Dave Randolph" <drandolph () nstarbank com>
Date: Tue, 13 Jul 2004 10:40:57 -0500

I get tons of these from some Verizon name servers.  Drives me crazy.  A verdict on the correct procedure would be 
great.  The last time I spoke to Verizon about problems on their end nothing really happened so I'm reluctant to call 
them & try to work through it.

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net]On Behalf Of Dr. Aldo
Medina
Sent: Monday, July 12, 2004 11:05 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] DNS spoof

I regularly get messages like this in my logs:

Jul  2 12:29:00 aldomedina snort: [1:254:2] DNS SPOOF
query response with ttl: 1 min. and no authority
[Classification: Potentially Bad Traffic] [Priority:
2]:
{UDP} 200.23.242.196:53 -> mydinamicip:someport

200.23.242.196 is my ISP's DNS server. I suppose I
shouldn't worry, but why am I getting this responses,
and should I report them either to Telmex or to Snort
false positives team?. TIA

__________________________________
Do you Yahoo!?
Yahoo! Mail is new and improved - Check it out!
http://promotions.yahoo.com/new_mail

-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - 
digital self defense, top technical experts, no vendor pitches, 
unmatched networking opportunities. Visit www.blackhat.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

#####################################################################################

This email has been scanned by MailMarshal, an email content filter. 
Please contact Administrator () nstarbank com if you have any questions or 
comments. Thank you.
#####################################################################################


-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
digital self defense, top technical experts, no vendor pitches,
unmatched networking opportunities. Visit www.blackhat.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

DNS spoof Dr. Aldo Medina (Jul 12)
- <Possible follow-ups>
- RE: DNS spoof Dave Randolph (Jul 13)