[Snort-users] DNS spoof

Dave Randolph drandolph at ...10988...
Tue Jul 13 08:42:01 EDT 2004


I get tons of these from some Verizon name servers.  Drives me crazy.  A verdict on the correct procedure would be great.  The last time I spoke to Verizon about problems on their end nothing really happened so I'm reluctant to call them & try to work through it.

>-----Original Message-----
>From: snort-users-admin at lists.sourceforge.net
>[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of Dr. Aldo
>Medina
>Sent: Monday, July 12, 2004 11:05 PM
>To: snort-users at lists.sourceforge.net
>Subject: [Snort-users] DNS spoof
>
>
>I regularly get messages like this in my logs:
>
>Jul  2 12:29:00 aldomedina snort: [1:254:2] DNS SPOOF
>query response with ttl: 1 min. and no authority
>[Classification: Potentially Bad Traffic] [Priority:
>2]:
>{UDP} 200.23.242.196:53 -> mydinamicip:someport
>
>200.23.242.196 is my ISP's DNS server. I suppose I
>shouldn't worry, but why am I getting this responses,
>and should I report them either to Telmex or to Snort
>false positives team?. TIA
>
>
>		
>__________________________________
>Do you Yahoo!?
>Yahoo! Mail is new and improved - Check it out!
>http://promotions.yahoo.com/new_mail
>
>
>-------------------------------------------------------
>This SF.Net email sponsored by Black Hat Briefings & Training.
>Attend Black Hat Briefings & Training, Las Vegas July 24-29 - 
>digital self defense, top technical experts, no vendor pitches, 
>unmatched networking opportunities. Visit www.blackhat.com
>_______________________________________________
>Snort-users mailing list
>Snort-users at lists.sourceforge.net
>Go to this URL to change user options or unsubscribe:
>https://lists.sourceforge.net/lists/listinfo/snort-users
>Snort-users list archive:
>http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
#####################################################################################

This email has been scanned by MailMarshal, an email content filter. 
Please contact Administrator at ...10988... if you have any questions or 
comments. Thank you.
#####################################################################################




More information about the Snort-users mailing list