[Snort-users] Name resolution
Kendall Lister
krl at ...1908...
Thu May 17 19:40:21 EDT 2001
On Thu, 17 May 2001, Subba Rao wrote:
> This is going to be a very basic question. I do see (on daily basis)
> attempts to connect to the sunrpc services (port 111). When I try to
> resolve the IP address, I always get,
>
> *** myhost.mydom.com can't find sys.no.edu: Non-existent host/domain
>
> How are these hackers conducting the hacks? They should get some
> response back from my machine. If their host/domain does not exist,
> then where are the replies from my system going?
There is no need for a particular IP address to have a corresponding DNS
host name; all TCP/IP traffic actually occurs between hosts identified
by IP addresses. So, for example, you could "telnet aa.bb.cc.dd" to try to
connetc to the systems that are probing you - you don't need to sue a host
name to get through.
Kendall
krl at ...1907...
More information about the Snort-users
mailing list