Fernando Cardoso wrote:
>
> My IDS logged the try:
>
> [**] IDS212/dns-zone-transfer [**]
> 08/31-17:19:10.789779 165.154.200.193:21368 -> my.name.server:53
> TCP TTL:109 TOS:0x0 ID:44578 DF
> *****PA* Seq: 0xB4A43A Ack: 0xE367A43 Win: 0x2000
> 00 17 86 39 01 00 00 01 00 00 00 00 00 00 02 62 ...9...........b
> 6E 02 70 74 00 00 0F 00 01 n.pt.....
>
> Nothing new here... What is strange is that nothing was logged in the
> nameserver!! I've tried zone transfers with dig, nslookup, host and even
> with Sam Spade and all of them left a log entry in the nameserver (bind
> 8.2.2-P5).

The snort filter for zone transfers picks up _any_ connections to TCP
port 53. Whether or not they actually tried to transfer a zone after
making that connection determines what is logged.
-HD
odin:~ # binfo-udp www.digitaloffense.net
www.digitaloffense.net's named that errors on iquery is version:
SkriptKiddieKiller/1.0
Received on Sep 04 2000
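
Added example, not part of the original messages: the payload bytes in the quoted alert can be decoded as a DNS-over-TCP message (2-byte length prefix, 12-byte header, question) to see which record type was actually requested; here the question is an MX query for `bn.pt`, not an AXFR. The function and constant names are this example's own.

```python
import struct

# Payload bytes copied from the alert quoted in the message (DNS over TCP).
ALERT_PAYLOAD = bytes.fromhex(
    "00 17 86 39 01 00 00 01 00 00 00 00 00 00 02 62 "
    "6E 02 70 74 00 00 0F 00 01"
)

QTYPE_NAMES = {1: "A", 2: "NS", 6: "SOA", 15: "MX", 251: "IXFR", 252: "AXFR", 255: "ANY"}
TRANSFER_QTYPES = {251, 252}  # IXFR and AXFR


def parse_tcp_dns_question(payload: bytes) -> dict:
    """Decode the first question of a DNS message carried over TCP."""
    if len(payload) < 2:
        raise ValueError("missing 2-byte TCP length prefix")
    (length,) = struct.unpack("!H", payload[:2])
    msg = payload[2:2 + length]
    if len(msg) < length or length < 12:
        raise ValueError("truncated DNS message")
    txid, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if qdcount < 1:
        raise ValueError("no question section")
    labels, pos = [], 12  # question starts right after the 12-byte header
    while True:
        if pos >= len(msg):
            raise ValueError("QNAME runs past end of message")
        n = msg[pos]
        pos += 1
        if n == 0:  # root label terminates the name
            break
        if n & 0xC0 or pos + n > len(msg):
            raise ValueError("bad label in question")
        labels.append(msg[pos:pos + n].decode("ascii", "replace"))
        pos += n
    if pos + 4 > len(msg):
        raise ValueError("missing QTYPE/QCLASS")
    qtype, qclass = struct.unpack("!HH", msg[pos:pos + 4])
    return {
        "id": txid,
        "is_query": not flags & 0x8000,  # QR bit clear means query
        "qname": ".".join(labels),
        "qtype": QTYPE_NAMES.get(qtype, str(qtype)),
        "is_zone_transfer": qtype in TRANSFER_QTYPES,
    }


if __name__ == "__main__":
    print(parse_tcp_dns_question(ALERT_PAYLOAD))
```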