[Snort-users] DNS spoof

Dr. Aldo Medina aldo_medina at ...131...
Mon Jul 12 21:05:17 EDT 2004

I regularly get messages like this in my logs:

Jul  2 12:29:00 aldomedina snort: [1:254:2] DNS SPOOF
query response with ttl: 1 min. and no authority
[Classification: Potentially Bad Traffic] [Priority:
{UDP} -> mydinamicip:someport is my ISP's DNS server. I suppose I
shouldn't worry, but why am I getting these responses,
and should I report them either to Telmex or to the Snort
false positives team? TIA
