GEN:SID 1:255
Message DNS zone transfer TCP
Summary This event is generated when an attempt is made to request a zone
transfer from a DNS Server.
Impact Information disclosure.
Detailed Information DNS Zone transfers are normally used between DNS Servers to replicate
zone information. Zone transfers can also be used to gain information
about a network.
Affected Systems All DNS Servers
Attack Scenarios A malicious user may request a Zone Transfer to gather information
before commencing an attack.  This can give the user a list of hosts to
target.
Ease of Attack Simple.
Corrective Action Configure the DNS servers to only allow zone transfers from authorised
hosts. Limit the information available from publicly accessible DNS
servers by using Split Horizon DNS or separate DNS Servers for internal
networks.
Additional References  
Rule References arachnids: 212
cve: 1999-0532
nessus: 10595
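
The check this event describes, combined with the authorised-host restriction from the Corrective Action, as an added example (not part of the original rule documentation and not Snort's own code): it parses a TCP-framed DNS query and reports a zone transfer request (QTYPE 252, AXFR) from a source outside an allowlist. The function names, the allowlist address 192.0.2.53 and the sample queries are constructed assumptions.

```python
import ipaddress
import struct

QTYPE_AXFR = 252  # RFC 1035: QTYPE value for a full zone transfer request
AUTHORISED = ["192.0.2.53/32"]  # assumption: constructed allowlist of secondary servers

def parse_tcp_question(payload):
    """Return (qname, qtype) of the first question in a TCP DNS query, else None."""
    if len(payload) < 14:
        return None  # too short for the 2-byte length prefix plus 12-byte header
    (msg_len,) = struct.unpack("!H", payload[:2])
    msg = payload[2:2 + msg_len]
    if msg_len < 12 or len(msg) < msg_len:
        return None  # truncated segment or bogus length prefix
    _id, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if flags & 0x8000 or (flags >> 11) & 0xF or qdcount < 1:
        return None  # a response, a non-QUERY opcode, or no question section
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            return None  # name runs past the end of the message
        n = msg[pos]
        pos += 1
        if n == 0:
            break  # root label terminates the name
        if n & 0xC0 or pos + n > len(msg):
            return None  # compression pointer or overlong label in the question
        labels.append(msg[pos:pos + n].decode("ascii", "replace"))
        pos += n
    if pos + 4 > len(msg):
        return None  # QTYPE/QCLASS missing
    qtype, _qclass = struct.unpack("!HH", msg[pos:pos + 4])
    return ".".join(labels) or ".", qtype

def unauthorised_axfr(src_ip, payload, authorised=AUTHORISED):
    """Return the requested zone when src_ip asks for AXFR and is not allowlisted."""
    q = parse_tcp_question(payload)
    if q is None or q[1] != QTYPE_AXFR:
        return None
    src = ipaddress.ip_address(src_ip)
    if any(src in ipaddress.ip_network(net) for net in authorised):
        return None  # expected replication traffic from a secondary
    return q[0]

def build_query(name, qtype):
    """Constructed sample input: a TCP-framed standard query for name/qtype, class IN."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    msg = struct.pack("!HHHHHH", 0x1234, 0, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)
    return struct.pack("!H", len(msg)) + msg
```

A returned zone name means the request did not come from a listed secondary; alert on it and confirm the server's transfer ACL refused it.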