[Snort-users] DNS SPOOF from my ISP's DNS servers

Dr. Aldo Medina aldo_medina at ...131...
Fri Jul 2 16:44:07 EDT 2004


I regularly get messages like this in my logs:

Jul  2 12:29:00 aldomedina snort: [1:254:2] DNS SPOOF query response with ttl: 1 min. and no authority [Classification: Potentially Bad Traffic] [Priority: 2]: {UDP} 200.23.242.196:53 -> mydinamicip:someport

200.23.242.196 is my ISP's DNS server. I suppose I
shouldn't worry, but why am I getting these responses,
and should I report them either to Telmex or to the Snort
false positives team? TIA
