[Snort-users] Name resolution

Kendall Lister krl at ...1908...
Thu May 17 19:40:21 EDT 2001


On Thu, 17 May 2001, Subba Rao wrote:

> This is going to be a very basic question. I do see (on daily basis)
> attempts to connect to the sunrpc services (port 111). When I try to
> resolve the IP address, I always get,
> 
> *** myhost.mydom.com can't find sys.no.edu: Non-existent host/domain
> 
> How are these hackers conducting the hacks? They should get some
> response back from my machine. If their host/domain does not exist,
> then where are the replies from my system going?

There is no need for a particular IP address to have a corresponding DNS
host name; all TCP/IP traffic actually occurs between hosts identified
by IP addresses. So, for example, you could "telnet aa.bb.cc.dd" to try to
connetc to the systems that are probing you - you don't need to sue a host
name to get through.

Kendall
krl at ...1907...





More information about the Snort-users mailing list