Snort mailing list archives
sid: 2009702 external DNS updates?
From: MLP SCADA <MLPSCADA () ci anchorage ak us>
Date: Wed, 15 May 2013 16:26:14 -0800
Greetings all. I'm getting a lot of these:

sid: 2009702 ET POLICY DNS Update From External net

There are two targets (or destinations); both are Winserver 2003 AD DNS boxes, and are the proper ip addresses for our DNS. All the originating boxes are also Windows boxes of either 2003 or XP Pro flavour. All IPs on these networks are static; there is no DHCP assignment on these networks.

I seem to recall from another life that even if a dohs client box has an assigned static ip, it will still attempt to 'talk' to AD DNS. Does anyone know if this is correct? Or is there something else going on?

If the above is correct, is this behaviour I can turn off on the windows client box? Hopefully from AD? Is there any reason not to?

Or should I just leave the windows boxes alone and instead create a 'windows' list of windows box ips and put a !windows exclusion for this rule in modifysid?

Or something else?

Thanks!