He said it was a shadow IDS which uses tcpdump as the sensor. -----Original Message----- From: Valdis.Kletnieksat_private [mailto:Valdis.Kletnieksat_private] Sent: Thursday, December 12, 2002 12:05 PM To: larosa, vjay Cc: incidentsat_private Subject: Re: DNS help On Thu, 12 Dec 2002 14:54:29 EST, "larosa, vjay" said: > That is exactly what I am trying to figure out. What is the meaning > of '[1au][|domain]'. 56162 is the DNS transaction ID. When a DNS server What IDS produced the log? Not knowing that, it's almost impossible to say. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Dec 12 2002 - 13:42:06 PST