[Snort-sigs] Question Alert 1948

Cathy Stallings cxxs at ...685...
Fri Jul 18 05:37:23 EDT 2003

Thank you for your attention and assistance. I was reviewing the various
Snort alerts and came upon alert 1948, which confused me. It is DNS zone
transfer UDP. According to TCP/IP Illustrated, Volume 1: The Protocols by W.
Richard Stevens on page 206 "Zone transfers are done using TCP, since there
is much more data to transfer than a single query or response." So I was
wondering why the alert specified UDP? I hope you can educate me and thanks
again for the help.

| Cathy Stallings                       Mail Stop: B255
| Network Engineering                   Internet: cxxs at ...685...
| CCN-5 Security Team                   Voice: 505.667.2804
| Los Alamos National Laboratory        FAX: 505.665.7793
| Los Alamos, NM 87545          Location:TA3-SM1498-Rm 110
| Entrust Ready
