RE: DNS help

From: Tom Arseneault (TArseneaultat_private)
Date: Thu Dec 12 2002 - 13:24:40 PST

Next message: Faron.Goldenat_private: "RE: DNS help"

Previous message: Valdis.Kletnieksat_private: "Re: DNS help"
Maybe in reply to: larosa, vjay: "DNS help"
Next in thread: Faron.Goldenat_private: "RE: DNS help"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

He said it was a shadow IDS which uses tcpdump as the sensor.

-----Original Message-----
From: Valdis.Kletnieksat_private [mailto:Valdis.Kletnieksat_private]
Sent: Thursday, December 12, 2002 12:05 PM
To: larosa, vjay
Cc: incidentsat_private
Subject: Re: DNS help 


On Thu, 12 Dec 2002 14:54:29 EST, "larosa, vjay" said:
> That is exactly what I am trying to figure out. What is the meaning
> of '[1au][|domain]'. 56162 is the DNS transaction ID. When a DNS server

What IDS produced the log?  Not knowing that, it's almost impossible to say.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Faron.Goldenat_private: "RE: DNS help"
Previous message: Valdis.Kletnieksat_private: "Re: DNS help"
Maybe in reply to: larosa, vjay: "DNS help"
Next in thread: Faron.Goldenat_private: "RE: DNS help"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Dec 12 2002 - 13:42:06 PST