Intrusion Detection Systems mailing list archives
Re: reading signatures?
From: secureaustin () consultant com (H D Moore)
Date: Sun, 24 Oct 1999 23:36:15 -0500
Hi,

This could be your machine 'myhost' querying the DNS servers of the other sites listed. I am assuming this is UDP traffic, so zone transfers are out. Nothing to worry about yet unless 'myhost' isn't your DNS server...
Can anyone give me some insight into what this means?

14:17:51.220753 myhost.here.com.9999 > othersite.there.com.53: 1205+ (45)
14:17:51.718414 myhost.here.com.9999 > othersite.there.com.53: 1205+ (45)
14:42:49.550408 myhost.here.com.9999 > anothersite.there.com.53: 1194+ (45)

Thanks,
Matt
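Added example, not part of the original messages: a Python sketch that parses tcpdump DNS lines like the ones quoted above, reading `1205+` as query ID 1205 with the recursion-desired flag set and `(45)` as the query length, then reports which servers each host queried, repeated query IDs, and any source that is not an expected resolver. The function names and the `resolvers` and `window` parameters are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# The three lines quoted in the question, as tcpdump printed them.
SAMPLE = """\
14:17:51.220753 myhost.here.com.9999 > othersite.there.com.53: 1205+ (45)
14:17:51.718414 myhost.here.com.9999 > othersite.there.com.53: 1205+ (45)
14:42:49.550408 myhost.here.com.9999 > anothersite.there.com.53: 1194+ (45)
"""

LINE = re.compile(
    r"^(\d\d):(\d\d):(\d\d\.\d+) (\S+)\.(\d+) > (\S+)\.(\d+): "
    r"(\d+)(\+?).*\((\d+)\)\s*$"
)

def parse_line(line):
    """Return the fields of one tcpdump DNS line, or None if it does not match."""
    m = LINE.match(line.strip())
    if not m:
        return None
    hh, mm, ss, src, sport, dst, dport, qid, rd, size = m.groups()
    return {
        "t": int(hh) * 3600 + int(mm) * 60 + float(ss),  # seconds since midnight
        "src": src, "sport": int(sport), "dst": dst, "dport": int(dport),
        "id": int(qid),    # DNS query ID
        "rd": rd == "+",   # '+' means the recursion-desired flag was set
        "len": int(size),  # query length in bytes, excluding UDP and IP headers
    }

def review(text, resolvers, window=5.0):
    """Summarise port-53 queries; `resolvers` (assumed input) lists hosts expected to send them."""
    last_seen = {}
    report = {"servers": defaultdict(set), "retransmits": [], "unexpected": set()}
    for rec in filter(None, map(parse_line, text.splitlines())):
        if rec["dport"] != 53:
            continue
        report["servers"][rec["src"]].add(rec["dst"])
        if rec["src"] not in resolvers:
            report["unexpected"].add(rec["src"])  # the "unless it isn't your DNS server" case
        key = (rec["src"], rec["dst"], rec["id"])
        # Same ID to the same server within `window` seconds: consistent with a resend.
        if key in last_seen and rec["t"] - last_seen[key] <= window:
            report["retransmits"].append((key, round(rec["t"] - last_seen[key], 3)))
        last_seen[key] = rec["t"]
    return report

if __name__ == "__main__":
    print(review(SAMPLE, resolvers={"myhost.here.com"}))
```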
