On Fri, 2003-03-21 at 16:12, rmkml wrote: > ok > > I found rules on firestorm : > alert tcp $EXTERNAL_NET any -> $HOME_NET 53 (msg:"DNS zone transfer"; > flow:to_server,established; content: "|00 00 FC|"; offset:13; > reference:cve,CAN-1999-0532; reference:arachnids,212; > classtype:attempted-recon; sid:255; rev:6;) > > and I found rules on snort : > alert tcp $EXTERNAL_NET any -> $DNS_SERVERS 53 (msg:"DNS zone transfer > TCP"; flow:to_server,established; content: "|00 00 FC|"; offset:14; > reference:cve,CAN-1999-0532; reference:arachnids,212; > classtype:attempted-recon; sid:255; rev:7;) > What are the EXTERNAL_NET,HOME_NET and DNS_SERVERS set to in each configuration? -- // Gianni Tedesco (gianni at scaramanga dot co dot uk) lynx --source www.scaramanga.co.uk/gianni-at-ecsc.asc | gpg --import 8646BE7D: 6D9F 2287 870E A2C9 8F60 3A3C 91B5 7669 8646 BE7D
Attachment:
signature.asc
Description: This is a digitally signed message part