Re: Strange Alert
From: David (davidwnh_at_adelphia.net)
Date: 09/08/03
- Next message: sam: "Re: how to do penetration testing on firewall and IDS."
- Previous message: Duane Arnold: "Re: Stateful packet inspection for home users"
- In reply to: Damjan: "Re: Strange Alert"
- Next in thread: Damjan: "Re: Strange Alert"
- Reply: Damjan: "Re: Strange Alert"
Date: Mon, 08 Sep 2003 15:02:47 GMT
If the source IP address that sent that specific HTTP request is the
same one that the NetBIOS lookup used as a destination IP address then yes.
>
> > If you look up the address it has no reverse DNS entry. So when a component
> > on your machine is looking up the IP address it follows with a NetBIOS
> > lookup since the DNS reverse lookup comes back empty. It will usually be
> > some kind of logging program that resolves IP addresses to DNS addresses
> > that automatically does this. Good chance it is the logging function of your
> > firewall that is causing this.
>
> Thanks for the answer!
>
> But what is interesting is that, when I had turned on the Apache server,
> these two alerts came at the same time...
>
> this... GET /default.ida?XXXXXXXXX.... for that, the Nimda virus on
> some server is guilty, I think..
>
> and now the alert that 192.168.0.1 wants to connect to some IP on the net..
>
> Is that maybe somehow connected?
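
The check described in the reply above, as an added example that is not part of the original thread: for each outbound NetBIOS name lookup (UDP/137) alert, see whether the destination IP had sent an HTTP request to the web server shortly before. The firewall log format, the 30-second window, the shared UTC clock and all sample lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample data (documentation address ranges, not from the thread).
ACCESS_LOG = """\
203.0.113.45 - - [08/Sep/2003:14:58:10 +0000] "GET /default.ida?XXXXXXXX HTTP/1.0" 404 205
198.51.100.7 - - [08/Sep/2003:14:59:02 +0000] "GET /index.html HTTP/1.1" 200 1456
"""
# Hypothetical firewall alert format: time, direction, local source, remote dest, port.
FW_LOG = """\
2003-09-08 14:58:11 OUT 192.168.0.1 -> 203.0.113.45 UDP/137
2003-09-08 15:10:40 OUT 192.168.0.1 -> 192.0.2.99 UDP/137
"""

# Apache common log format: client, timestamp (zone dropped), method, path.
ACCESS_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\] ]+) [^\]]+\] "(\S+) (\S+)')
FW_RE = re.compile(r'^(\S+ \S+) OUT (\S+) -> (\S+) UDP/137$')

def parse_access(text):
    """Yield (timestamp, client_ip, path) for each parsable access log line."""
    for line in text.splitlines():
        m = ACCESS_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S")
            yield ts, m.group(1), m.group(4)

def parse_fw(text):
    """Yield (timestamp, local_ip, remote_ip) for outbound NetBIOS lookups."""
    for line in text.splitlines():
        m = FW_RE.match(line)
        if m:
            yield datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), m.group(2), m.group(3)

def correlate(access_text, fw_text, window_s=30):
    """Pair each NetBIOS alert with the HTTP request that likely triggered it.

    Returns (remote_ip, request_path or None); None means no request from that
    IP was logged in the window, so name resolution by a logger does not explain it.
    """
    requests = list(parse_access(access_text))
    results = []
    for alert_ts, _local, remote in parse_fw(fw_text):
        cause = None
        for req_ts, client, path in requests:
            delay = (alert_ts - req_ts).total_seconds()
            if client == remote and 0 <= delay <= window_s:
                cause = path
                break
        results.append((remote, cause))
    return results
```

An alert paired with a request path is consistent with a logging component resolving the client address; an alert paired with `None` needs a separate explanation.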