tlug.jp Mailing List Archive
Re: [tlug] DNS zone transfer
- Date: Thu, 30 Jan 2003 12:42:22 +0900
- From: Matt Doughty <wyndigo@example.com>
- Subject: Re: [tlug] DNS zone transfer
- References: <20030130122944.2ed55670.9915104t@example.com>
- User-agent: Mutt/1.4i
On Thu, Jan 30, 2003 at 12:29:44PM +0900, Botond Botyanszki wrote:
> I'm getting the following logs from snort every 5 minutes. This all started
> about 3 days ago.
>
> Jan 30 11:44:02 mick snort: [1:255:2] DNS zone transfer [Classification:
> Attempted Information Leak] [Priority: 2]: {TCP} x.x.x.x:2310 -> y.y.y.y:53
> Jan 30 11:48:59 mick snort: [1:255:2] DNS zone transfer [Classification:
> Attempted Information Leak] [Priority: 2]: {TCP} x.x.x.x:2313 -> y.y.y.y:53
>
> Both the target and source have NS services running. I don't see why the above
> should be considered bad or harmful.
> Could someone enlighten me before I disable this snort rule?

Zone transfers are only really needed for DNS slaving. It is generally
considered an attempt to get too much information unless it is in the
aforementioned role as slave server. Some would say it is, like port scanning,
another aspect of digital casing. Anyway, there is no inherent harm if you
aren't protective of your systems' layout information.

--Matt
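One way to triage the alerts quoted above before deciding whether to disable the rule, added here as an example and not part of the original thread: it parses Snort syslog lines in the format shown, groups them by source and server, and flags sources that are not on a list of expected secondaries. The sample addresses, the `AUTHORIZED_SECONDARIES` list and the `triage` function are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in the syslog format quoted in the post
# (addresses are from documentation ranges, not from the original logs).
SAMPLE_LOG = """\
Jan 30 11:44:02 mick snort: [1:255:2] DNS zone transfer [Classification: Attempted Information Leak] [Priority: 2]: {TCP} 192.0.2.10:2310 -> 198.51.100.53:53
Jan 30 11:48:59 mick snort: [1:255:2] DNS zone transfer [Classification: Attempted Information Leak] [Priority: 2]: {TCP} 192.0.2.10:2313 -> 198.51.100.53:53
Jan 30 11:50:17 mick snort: [1:255:2] DNS zone transfer [Classification: Attempted Information Leak] [Priority: 2]: {TCP} 203.0.113.77:40112 -> 198.51.100.53:53
Jan 30 11:53:58 mick snort: [1:255:2] DNS zone transfer [Classification: Attempted Information Leak] [Priority: 2]: {TCP} 192.0.2.10:2317 -> 198.51.100.53:53
"""

# Assumption: the secondaries that are supposed to pull zones from each primary.
AUTHORIZED_SECONDARIES = {"198.51.100.53": {"192.0.2.10"}}

ALERT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ snort: \[1:255:\d+\] DNS zone transfer"
    r".*\{TCP\} (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):53\s*$"
)

def triage(log_text, authorized=AUTHORIZED_SECONDARIES, year=2003):
    """Group SID 255 alerts by (source, server) and flag unexpected sources."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = ALERT_RE.match(line)
        if not m:
            continue  # not a zone-transfer alert
        # syslog timestamps carry no year; supply one so they can be compared
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        seen[(m["src"], m["dst"])].append(ts)
    report = []
    for (src, dst), times in sorted(seen.items()):
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        report.append({
            "source": src, "server": dst, "count": len(times),
            "authorized": src in authorized.get(dst, set()),
            # a steady gap suggests a secondary polling on its refresh timer
            "mean_gap_s": round(sum(gaps) / len(gaps)) if gaps else None,
        })
    return report

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(row)
```

Alerts from a listed secondary at a steady interval match the slave-server role described in the reply; any other source is the case the rule exists to surface.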