From: James Lay (digitalx00 gmail.com)
Date: Wed May 15 2013 - 19:38:00 CDT
What do your HOME_NET and EXTERNAL_NET look like?
James
On May 15, 2013, at 6:26 PM, MLP SCADA <MLPSCADA ci.anchorage.ak.us> wrote:
> Greetings all.
>
> I'm getting a lot of these:
>
> sid: 2009702 ET POLICY DNS Update From External net
>
> There are two targets (or destinations); both are Winserver 2003 AD DNS boxes, and are the proper ip addresses for our DNS. All the originating boxes are also Windows boxes of either
> 2003 or XP Pro flavour.
>
> All IPs on these networks are static; there is no DHCP assignment on these networks.
>
> I seem to recall from another life that even if a dohs client box has an assigned
> static ip, it will still attempt to 'talk' to AD DNS. Does anyone know if this is
> correct? Or is there something else going on?
>
> If the above is correct, is this behaviour I can turn off on the windows client box? Hopefully from AD?
>
> Is there any reason not to?
>
> Or should I just leave the windows boxes alone and instead create
> a 'windows' list of windows box ips and put a !windows exclusion for this rule in modifysid?
>
> Or something else?
>
> Thanks!
>
>
>
> ------------------------------------------------------------------------------
> AlienVault Unified Security Management (USM) platform delivers complete
> security visibility with the essential security capabilities. Easily and
> efficiently configure, manage, and operate all of your security controls
> from a single console and one unified framework. Download a free trial.
> http://p.sf.net/sfu/alienvault_d2d
> _______________________________________________
> Snort-users mailing list
> Snort-users lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort news!