[Snort-users] DNS SPOOF from my ISP's DNS servers

Dr. Aldo Medina aldo_medina at ...131...
Fri Jul 2 16:44:07 EDT 2004

I regularly get messages like this in my logs:

Jul  2 12:29:00 aldomedina snort: [1:254:2] DNS SPOOF
query response with ttl: 1 min. and no authority
[Classification: Potentially Bad Traffic] [Priority:
{UDP} -> mydinamicip:someport is my ISP's DNS server. I suppose I
shouldn't worry, but why am I getting this responses,
and should I report them either to Telmex or to Snort
false positives team?. TIA

Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 

More information about the Snort-users mailing list