sid: 2009702 external DNS updates?

[MLP SCADA <MLPSCADA () ci anchorage ak us>]

Greetings all.

I'm getting a lot of these:

sid: 2009702 ET POLICY DNS Update From External net 

There are two targets (or destinations); both are Winserver 2003 AD DNS boxes, and are the proper ip addresses for our 
DNS.  All the originating boxes are also Windows boxes of either
2003 or XP Pro flavour.

All IPs on these networks are static; there is no DHCP assignment on these networks.

I seem to recall from another life that even if a dohs client box has an assigned
static ip, it will still attempt to 'talk' to AD DNS.  Does anyone know if this this 
correct?  Or is there something else going on?

If the above is correct, is this behaviour I can turn off on the windows client box?  Hopefully from AD?

Is there any reason not to?  

Or should I just leave the windows boxes alone and instead create
a 'windows' list of windows box ips and put a !windows exclusion for this rule in modifysid?  

Or something else?

Thanks!



------------------------------------------------------------------------------
AlienVault Unified Security Management (USM) platform delivers complete
security visibility with the essential security capabilities. Easily and
efficiently configure, manage, and operate all of your security controls
from a single console and one unified framework. Download a free trial.
http://p.sf.net/sfu/alienvault_d2d
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!