Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:257 |
Message | DNS named version attempt |
Summary | A remote machine attempted to determine the version of your DNS server. |
Impact | Could indicate an impending attack, or maybe an innocent reconnaissance attempt. |
Detailed Information | A remote machine attempted to determine the version of your BIND DNS server. |
Affected Systems | |
Attack Scenarios | As part of reconnaissance leading upto a potential intrusion attempt, an attacker may attempt to determine the BIND version that you are running in hopes of finding an unpatched version. |
Ease of Attack | Simple |
Corrective Action | Disable the ability for untrusted (remote) machines to determine your named version. |
Additional References | |
Rule References | arachnids: 278 nessus: 10028 |
--
DID:254609
--
http://www.aanval.com/