[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: firestorm-nids: DNS zone transfer TCP

To: rmkml <rmkml@xxxxxxxxxx>
Subject: Re: firestorm-nids: DNS zone transfer TCP
From: Gianni Tedesco <gianni@xxxxxxxxxx>
Date: 21 Mar 2003 16:44:08 +0000
Cc: firestorm@xxxxxxxxxxxxxxxx
Delivered-to: mailing list firestorm@scaramanga.co.uk
In-reply-to: <3E7B39EE.240DC37C@wanadoo.fr>
Mailing-list: contact firestorm-help@scaramanga.co.uk; run by ezmlm
References: <3E7B346B.EC43508A@wanadoo.fr> <3E7B39EE.240DC37C@wanadoo.fr>

On Fri, 2003-03-21 at 16:12, rmkml wrote:
> ok
> 
> I found rules on firestorm :
> alert tcp $EXTERNAL_NET any -> $HOME_NET 53 (msg:"DNS zone transfer";
> flow:to_server,established; content: "|00 00 FC|"; offset:13;
> reference:cve,CAN-1999-0532; reference:arachnids,212;
> classtype:attempted-recon; sid:255;  rev:6;)
> 
> and I found rules on snort :
> alert tcp $EXTERNAL_NET any -> $DNS_SERVERS 53 (msg:"DNS zone transfer
> TCP"; flow:to_server,established; content: "|00 00 FC|"; offset:14;
> reference:cve,CAN-1999-0532; reference:arachnids,212;
> classtype:attempted-recon; sid:255; rev:7;)
> 

What are the EXTERNAL_NET,HOME_NET and DNS_SERVERS set to in each
configuration?

-- 
// Gianni Tedesco (gianni at scaramanga dot co dot uk)
lynx --source www.scaramanga.co.uk/gianni-at-ecsc.asc | gpg --import
8646BE7D: 6D9F 2287 870E A2C9 8F60 3A3C 91B5 7669 8646 BE7D

Attachment: signature.asc
Description: This is a digitally signed message part

References:
- firestorm-nids: DNS zone transfer TCP
  - From: rmkml
- Re: firestorm-nids: DNS zone transfer TCP
  - From: rmkml

Prev by Date: Re: firestorm-nids: DNS zone transfer TCP
Next by Date: Re: firestorm-nids: DNS zone transfer TCP
Previous by thread: Re: firestorm-nids: DNS zone transfer TCP
Next by thread: nmap ping and firestorm
Index(es):
- Date
- Thread