Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
| GEN:SID | 1:257 |
| Message | DNS named version attempt |
| Summary | A remote machine attempted to determine the version of your DNS server. |
| Impact | Could indicate an impending attack, or maybe an innocent reconnaissance attempt. |
| Detailed Information | A remote machine attempted to determine the version of your BIND DNS server. |
| Affected Systems | |
| Attack Scenarios | As part of reconnaissance leading upto a potential intrusion attempt, an attacker may attempt to determine the BIND version that you are running in hopes of finding an unpatched version. |
| Ease of Attack | Simple |
| Corrective Action | Disable the ability for untrusted (remote) machines to determine your named version. |
| Additional References | |
| Rule References | arachnids: 278 nessus: 10028 |
--
DID:254609
--
http://www.aanval.com/