> Snort grabbed the following traces last night. The source is my ISP's DNS
> server. Any ideas?
>
> May 28 21:42:40 111.222.333.444:53 -> 192.168.1.1:61068 UDP
> May 28 21:42:43 111.222.333.444:53 -> 192.168.1.1:61069 UDP
> May 28 21:42:43 111.222.333.444:53 -> 192.168.1.1:61070 UDP
> May 28 21:42:43 111.222.333.444:53 -> 192.168.1.1:61071 UDP
[...]

That, most likely, your IDS has no clue. Your ISP is responding to your
DNS requests, and you're detecting them as an "attack".

What's more, users of these broken IDSs often firewall their ISP's DNS
servers, and then ring the ISP and say "why can't I web browse anymore?"

*sigh*

David.
--
David Luyer                                     Phone:   +61 3 9674 7525
Engineering Projects Manager   P A C I F I C    Fax:     +61 3 9699 8693
Pacific Internet (Australia)  I N T E R N E T   Mobile:  +61 4 1111 2983
http://www.pacific.net.au/                      NASDAQ:  PCNTF
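A triage sketch for the kind of trace quoted above, added here as an example and not part of the original message or of Snort: it separates UDP packets from port 53 of a configured resolver to a high client port (ordinary DNS replies) from everything else. The resolver list, the label names and the last two sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Resolvers this host is configured to query (assumption: copied from the
# client's resolver configuration). The address is the obfuscated placeholder
# used in the post, so it is compared as a string, not parsed as an IP.
RESOLVERS = {"111.222.333.444"}
CLIENT_PORTS = range(1024, 65536)  # unprivileged ports a stub resolver sends from

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) (?P<proto>\w+)$"
)

def classify(line):
    """Label one trace line in the 'date src:port -> dst:port PROTO' format."""
    m = LINE.match(line.strip())
    if not m:
        return "unparsed"
    sport, dport = int(m["sport"]), int(m["dport"])
    if m["proto"] == "UDP" and sport == 53 and dport in CLIENT_PORTS:
        # Shape of a DNS answer: server port 53 back to the client's query port.
        if m["src"] in RESOLVERS:
            return "dns-reply-from-configured-resolver"
        return "dns-reply-from-unknown-server"
    return "review"

def triage(lines):
    """Count labels over a batch of trace lines, skipping blank lines."""
    return Counter(classify(l) for l in lines if l.strip())

# First four lines are from the post; the last two are constructed.
SAMPLE = """\
May 28 21:42:40 111.222.333.444:53 -> 192.168.1.1:61068 UDP
May 28 21:42:43 111.222.333.444:53 -> 192.168.1.1:61069 UDP
May 28 21:42:43 111.222.333.444:53 -> 192.168.1.1:61070 UDP
May 28 21:42:43 111.222.333.444:53 -> 192.168.1.1:61071 UDP
May 28 21:43:10 10.9.8.7:53 -> 192.168.1.1:61072 UDP
May 28 21:44:02 10.9.8.7:4000 -> 192.168.1.1:23 TCP
"""

if __name__ == "__main__":
    for label, count in triage(SAMPLE.splitlines()).items():
        print(f"{count:3d}  {label}")
```

Only the lines that fall outside the first label need a second look; the rest match what the reply describes, answers to the host's own queries.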
This archive was generated by hypermail 2b30 : Tue May 29 2001 - 22:03:44 PDT