[Snort-users] DNS spoof

Dr. Aldo Medina aldo_medina at ...131...
Mon Jul 12 21:05:17 EDT 2004


I regularly get messages like this in my logs:

Jul  2 12:29:00 aldomedina snort: [1:254:2] DNS SPOOF
query response with ttl: 1 min. and no authority
[Classification: Potentially Bad Traffic] [Priority:
2]:
{UDP} 200.23.242.196:53 -> mydinamicip:someport

200.23.242.196 is my ISP's DNS server. I suppose I
shouldn't worry, but why am I getting this responses,
and should I report them either to Telmex or to Snort
false positives team?. TIA


		
__________________________________
Do you Yahoo!?
Yahoo! Mail is new and improved - Check it out!
http://promotions.yahoo.com/new_mail




More information about the Snort-users mailing list