DNS ZXFR - Internet Security Systems

DNS ZXFR

advICE :Intrusions : 2000420
Summary

A "DNS compressed zone transfer" was attempted.

Details

A compressed zone transfer is simply a normal zone transfer that has been compressed using the popular "gzip" compression algorithm. Like all zone transfers, this may allow a remote intruder to map out your network. Please see intruder id #2000401 for more details on this.

A request for a compressed zone transfer may also be used to cause a DoS. Version 8.2.2 of the popular Berkeley Internet Name Daemon (BIND) was found to have a vulnerability such that a specially crafted request would crash the server.

Trigger

This event triggers whenever a command for a compressed zone transfer (ZXFR) is seen being sent to a server.

False Positives

Such zone transfers may be a normal part of network operations from your own machines. This is really only a relevant attack if it comes from outside your network.
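
The trigger and the false-positive rule above can be combined in one check. The following is an added example, not the sensor's own signature logic: it reads the question type from a DNS-over-TCP request and separates ZXFR requests from inside and outside the network. It assumes QTYPE 256 (the value BIND 8's nameser.h assigns to ns_t_zxfr); INTERNAL_NETS, the function names and the sample query builder are illustrative.

```python
import ipaddress
import struct

QTYPE_ZXFR = 256  # ns_t_zxfr in BIND 8's nameser.h (BIND-specific, nonstandard)
# Assumption: placeholder internal ranges; substitute your own networks.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]


def question_qtype(msg: bytes):
    """Return the QTYPE of the first question, or None if msg is not a parseable query."""
    if len(msg) < 12:
        return None
    flags, qdcount = struct.unpack("!HH", msg[2:6])
    if flags & 0x8000 or qdcount < 1:  # QR bit set: a response, not a request
        return None
    pos = 12
    while pos < len(msg) and msg[pos] != 0:  # walk the QNAME labels
        if msg[pos] & 0xC0:  # pointers/extended labels are not expected here
            return None
        pos += 1 + msg[pos]
    pos += 1  # skip the root label
    if pos + 4 > len(msg):  # QTYPE and QCLASS must both be present
        return None
    return struct.unpack("!H", msg[pos:pos + 2])[0]


def classify(src_ip: str, tcp_payload: bytes) -> str:
    """Classify one DNS-over-TCP request: 2-byte length prefix, then the message."""
    if len(tcp_payload) < 2:
        return "ignore"
    (length,) = struct.unpack("!H", tcp_payload[:2])
    if question_qtype(tcp_payload[2:2 + length]) != QTYPE_ZXFR:
        return "ignore"
    addr = ipaddress.ip_address(src_ip)
    internal = any(addr in net for net in INTERNAL_NETS)
    return "zxfr-internal" if internal else "zxfr-external"


def build_query(name: str, qtype: int) -> bytes:
    """Constructed sample input: a minimal TCP-framed DNS query for the classifier."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\0"
    msg = struct.pack("!6H", 0x1234, 0, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)
    return struct.pack("!H", len(msg)) + msg
```

Only the "zxfr-external" result corresponds to the case the False Positives section calls relevant; "zxfr-internal" is worth logging but is likely normal operations.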

More Information
CERT: CA-2000.20 Multiple Denial-of-Service Problems in ISC BIND
 
 
Version appeared: 2.5 
