Pantek Library

RE: DNS help

From: larosa, vjay <larosa_vjay(at)emc.com>
Date: Thu Dec 12 2002 - 14:54:29 EST


That is exactly what I am trying to figure out. What is the meaning of '[1au][|domain]'. 56162 is the DNS transaction ID. When a DNS server makes a request a number is tagged to it, that way when the reply comes back it can match it up with the request. I just don't know what the meaning of 1au is.

vjl

-----Original Message-----
From: Valdis.Kletnieks@vt.edu [mailto:Valdis.Kletnieks@vt.edu]
Sent: Thursday, December 12, 2002 12:18 PM
To: larosa, vjay
Cc: incidents@securityfocus.com
Subject: Re: DNS help

On Wed, 11 Dec 2002 16:09:49 EST, "larosa, vjay" <larosa_vjay@emc.com> said:
> Hello,
familiar
> with snort
back
> fragmented.

Given that they fragged at 1480, I'd suspect you're going through a VPN at some point. You're going to their nameserver to look something up and the replies are getting fragged on the way.

Is your DNS server a secondary for a zone hosted at outside.guy.com? This looks like it might be AXFR traffic. It's hard to tell without knowing what IDS produced the log entries - if I knew what '56162 [1au][|domain]' meant I could tell you more.

> 12:15:24.020319 DNS.server.com.33795 > outside.guy.com.domain: 56162

> 12:15:24.170988 outside.guy.com.domain > DNS.server.com.33795:

-- 
				Valdis Kletnieks
				Computer Systems Senior Engineer
				Virginia Tech


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: 
http://aris.securityfocus.com
Received on Thu Dec 12 16:11:00 2002
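
Added example (not part of either message or of the list archive): Python code for the transaction-ID matching described in the reply above, which also reproduces the annotation `56162 [1au][|domain]` on the assumption that the quoted lines are tcpdump output, where `[1au]` reports one additional-section record in the query and `[|domain]` marks a packet cut short by the capture length. The query name, the EDNS0 OPT record and the 26-byte capture cut are constructed sample values; the thread does not show the real packet.

```python
import struct

def parse_header(payload: bytes) -> dict:
    """Decode the fixed 12-byte DNS header (RFC 1035 section 4.1.1)."""
    if len(payload) < 12:
        raise ValueError("capture too short for a DNS header")
    txid, flags, qd, an, ns, ar = struct.unpack("!6H", payload[:12])
    return {"id": txid, "response": bool(flags & 0x8000),
            "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}

def question_complete(payload: bytes) -> bool:
    """True if the captured bytes contain the whole first question."""
    pos = 12
    while pos < len(payload):
        length = payload[pos]
        if length == 0:                       # root label ends the name
            return pos + 5 <= len(payload)    # root + QTYPE(2) + QCLASS(2)
        pos += 1 + length                     # skip one label
    return False

def annotate_query(payload: bytes) -> str:
    """Summarise a query as: id, non-zero record counts, truncation marker."""
    h = parse_header(payload)
    out = str(h["id"])
    for key, tag in (("ancount", "a"), ("nscount", "n"), ("arcount", "au")):
        if h[key]:
            out += f" [{h[key]}{tag}]"
    if not question_complete(payload):
        out += "[|domain]"                    # capture ended mid-packet
    return out

def is_reply_to(query: bytes, reply: bytes) -> bool:
    """A reply belongs to a query when it is a response carrying the same ID."""
    q, r = parse_header(query), parse_header(reply)
    return r["response"] and not q["response"] and q["id"] == r["id"]

def build_query(txid: int, name: str) -> bytes:
    """Constructed sample: A query for `name` plus one EDNS0 OPT record."""
    msg = struct.pack("!6H", txid, 0, 1, 0, 0, 1)       # QDCOUNT=1, ARCOUNT=1
    for label in name.split("."):
        msg += bytes([len(label)]) + label.encode("ascii")
    msg += b"\x00" + struct.pack("!2H", 1, 1)           # QTYPE=A, QCLASS=IN
    return msg + b"\x00" + struct.pack("!HHIH", 41, 4096, 0, 0)  # OPT RR

FULL = build_query(56162, "host.outside.guy.com")  # constructed query name
SNAPPED = FULL[:26]   # assumed 68-byte capture minus 42 bytes of Ethernet/IP/UDP

if __name__ == "__main__":
    print(annotate_query(FULL))
    print(annotate_query(SNAPPED))
```
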

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:54 EDT

