Snort mailing list archives
Re: DNS Query for .su TLD (Soviet Union)
From: waldo kitty <wkitty42 () windstream net>
Date: Tue, 05 Mar 2013 10:28:03 -0500
On 3/5/2013 02:36, James wrote:
Hello, I am new to Snort signatures. The Snort IDS is generating a lot of these alerts for this signature "DNS Query for .su TLD (Soviet Union)" and "DYNAMIC_DNS Query to a Suspicious no-ip Domain". Is this a potential threat, and if yes, how do I stop it?
you need to determine why you have traffic on your network looking up those *.su and *.no-ip.com domains... you also need to determine if the machines on your network are actually contacting those domains... this process will likely lead you to determining exactly what that traffic is and if it is harmful to your network... only then can you determine if it is a threat to your network and institute moves to stop it...
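An added example, not part of the original thread: a first triage pass over Snort "fast" alert output that tallies which hosts trigger the two signatures named above and flags sources that are DNS resolvers, since those only relay a lookup made by some other client. The sample lines, SIDs, addresses and the RESOLVERS set are constructed assumptions; only the two message strings come from the thread.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in Snort "fast" alert layout (placeholder SIDs/addresses).
SAMPLE_ALERTS = """\
03/05-02:31:07.114210  [**] [1:1000001:1] DNS Query for .su TLD (Soviet Union) [**] [Priority: 1] {UDP} 192.168.1.23:53211 -> 192.168.1.2:53
03/05-02:31:07.115002  [**] [1:1000001:1] DNS Query for .su TLD (Soviet Union) [**] [Priority: 1] {UDP} 192.168.1.2:40112 -> 8.8.8.8:53
03/05-02:33:41.902117  [**] [1:1000001:1] DNS Query for .su TLD (Soviet Union) [**] [Priority: 1] {UDP} 192.168.1.23:53390 -> 192.168.1.2:53
03/05-02:35:12.000431  [**] [1:1000002:1] DYNAMIC_DNS Query to a Suspicious no-ip Domain [**] [Priority: 1] {UDP} 192.168.1.23:53412 -> 192.168.1.2:53
03/05-02:36:02.551900  [**] [1:1000002:1] DYNAMIC_DNS Query to a Suspicious no-ip Domain [**] [Priority: 1] {UDP} 192.168.1.40:61001 -> 8.8.8.8:53
03/05-02:36:09.000100  [**] [1:1000003:1] ICMP PING [**] [Priority: 3] {ICMP} 192.168.1.50 -> 192.168.1.1
"""

ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[\d+:\d+:\d+\]\s+(?P<msg>.*?)\s+\[\*\*\].*?"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::\d+)?"
)

# Message fragments for the two signatures discussed in the thread.
WATCHED = ("DNS Query for .su TLD", "DYNAMIC_DNS Query to a Suspicious no-ip Domain")
# Assumption: addresses of your own internal DNS servers.
RESOLVERS = {"192.168.1.2"}


def triage(text, resolvers=RESOLVERS):
    """Return [(src_ip, alert_count, signatures, note)], busiest source first."""
    per_host = defaultdict(Counter)
    for line in text.splitlines():
        m = ALERT_RE.search(line)
        if not m or not any(w in m["msg"] for w in WATCHED):
            continue  # unparsable line or a signature we are not triaging
        per_host[m["src"]][m["msg"]] += 1
    report = []
    for src, sigs in sorted(per_host.items(),
                            key=lambda kv: (-sum(kv[1].values()), kv[0])):
        if src in resolvers:
            note = "resolver: find the real client in its query log"
        else:
            note = "client: inspect this host"
        report.append((src, sum(sigs.values()), sorted(sigs), note))
    return report


if __name__ == "__main__":
    for row in triage(SAMPLE_ALERTS):
        print(row)
```

These alerts only show that a name was looked up; whether a host then connected to the resolved address has to be checked against flow, firewall or proxy logs for the same source and time window.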
Current thread:
- DNS Query for .su TLD (Soviet Union) James (Mar 04)
- Re: DNS Query for .su TLD (Soviet Union) waldo kitty (Mar 05)