Difference between revisions of "HIDS 12150"

From Atomicorp Wiki
Jump to: navigation, search
(Created page with "{{Infobox |header1= Rule 12150 |label2 = Status |data2 = Active |label3 = Alert Message |data3 = Bind DNS invalid query flood }} = Description = '''ASL does not cause this...")

Revision as of 09:08, 17 June 2014

Rule 12150
Status Active
Alert Message Bind DNS invalid query flood

Contents

Description

ASL does not cause this event to occur. ASL simply reports when your DNS server has rejected multiple queries from a single IP address, within 10 seconds. ASL is not preventing your system from answering these queries, this event is occurring because your DNS server has been configured to reject these requests. Please contact your DNS vendor for assistance if you believe your DNS server should not have rejected these queries.

Disabling this rule will have no effect on your DNS server rejecting these queries. Disabling this rule will just prevent ASL from notifying you when this occurs, however the event will continue to occur. Therefore we do not recommend you disable this rule.

Log examples

Jan 1 10:19:01 hostname named[1234]: client 1.2.3.4#1234: view external: query (cache) `hostname/tld/MX/IN` denied

Troubleshooting

False Positives

None.

Additional Information

Similar Rules

None.

Knowledge Base Articles

None.

Personal tools