Snort mailing list archives
Re: DNS zone transfer UDP false positives in 1.9.1?
From: Erek Adams <erek () snort org>
Date: Mon, 10 Mar 2003 16:02:50 -0500 (EST)
On Mon, 10 Mar 2003, Ken Connelly wrote:
zone transfers are done via TCP, not UDP. normal dns lookups are done via UDP. this alert must be mislabeled.
Well... RFC 1035 states that 'UDP is not acceptable for zone transfers', but it does not state that it _could_ or _would_ not happen. As long as it's under 512 bytes, it should work. :-/

I'm not entirely sure it's mislabeled. You might want to bounce this over to the snort-sigs list so Brian, Resident Rules Dictator, can have a looksee. :)

-----
Erek Adams
"When things get weird, the weird turn pro." H.S. Thompson
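For triaging an alert like the one discussed in this thread, the following added example (not part of the original message and not Snort's rule logic) parses a UDP DNS payload and reports whether it really is a single-question AXFR query (QTYPE 252) within the 512-byte limit. All function names and sample packets are constructed for illustration; `naive_match` is a hypothetical unanchored byte search, included only to show how a pattern match can fire on ordinary traffic.

```python
import struct

QTYPE_AXFR = 252   # RFC 1035, section 3.2.3
UDP_LIMIT = 512    # RFC 1035 size limit for DNS messages over UDP

def encode_name(name):
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split(".")) + b"\x00"

def build_query(name, qtype):
    """Constructed sample input: one-question DNS query, class IN."""
    head = struct.pack("!6H", 0x1234, 0x0000, 1, 0, 0, 0)
    return head + encode_name(name) + struct.pack("!2H", qtype, 1)

def build_a_response(name, ttl):
    """Constructed sample input: A response whose answer carries the given TTL."""
    head = struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0)
    question = encode_name(name) + struct.pack("!2H", 1, 1)
    answer = b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, ttl, 4) + bytes([192, 0, 2, 1])
    return head + question + answer

def naive_match(payload):
    """Hypothetical unanchored match on root label + QTYPE 252 bytes."""
    return b"\x00\x00\xfc" in payload

def classify_udp_dns(payload):
    """Return 'axfr-query', 'other' or 'malformed' for one UDP DNS payload."""
    if not 12 <= len(payload) <= UDP_LIMIT:
        return "malformed"                  # too short, or oversize for UDP DNS
    _txid, flags, qdcount = struct.unpack("!3H", payload[:6])
    if flags & 0x8000 or qdcount != 1:      # a response, or not a single question
        return "other"
    pos = 12
    while pos < len(payload) and payload[pos] != 0:
        if payload[pos] & 0xC0:             # pointer/reserved bits: not a plain label
            return "malformed"
        pos += 1 + payload[pos]
    if pos + 5 > len(payload):              # need root byte + QTYPE + QCLASS
        return "malformed"
    qtype = struct.unpack("!H", payload[pos + 1:pos + 3])[0]
    return "axfr-query" if qtype == QTYPE_AXFR else "other"
```

An ordinary A response with a TTL of 252 contains the same three bytes as an AXFR question, so the byte search matches it while the parser does not.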
Current thread:
- DNS zone transfer UDP false positives in 1.9.1? Matt Kettler (Mar 10)
- Re: DNS zone transfer UDP false positives in 1.9.1? Ken Connelly (Mar 10)
- Re: DNS zone transfer UDP false positives in 1.9.1? Matt Kettler (Mar 10)
- Re: DNS zone transfer UDP false positives in 1.9.1? Erek Adams (Mar 10)
- Re: DNS zone transfer UDP false positives in 1.9.1? Ken Connelly (Mar 10)