SnortID.com - Search for SNORT ID's - Snort is a registered trademark of Sourcefire, Inc

Enter a Snort ID to lookup (e.g 1:269)

Search String: 1:1616

N.B.: Maximum of 50 results are displayed

Sid	Summary	Impact	Detailed Information	Affected Systems	Attack Scenarios	Ease of Attack	False Positive	False Negative	Corrective Action	Contributors	Additional References
1:1616	This event is generated when an attempt is made to query version.bind on your DNS server.	Reconnaissance. This may indicate which version of BIND the server is running.	An attacker can query a DNS server for the version of BIND running. Some versions of BIND, by default, respond to these queries while BIND version 9; by default, does not. A response to this query can assist an attacker in discovering servers that are potentially vulnerable to exploits associated with specific versions of BIND.	All versions of BIND.	An attacker can execute this query to find DNS servers running specific versions of BIND.	Simple. Use the Unix command 'dig @ns.com version.bind txt chaos'	None Known	None Known	Remove the ability to retrieve the version.bind chaos record via configuration options.	Sourcefire Vulnerability Research Team Brian Caswell Judy Novak	OSVDB: http://www.osvdb.org/23