Snort mailing list archives

Re: ANY query rule

From: Luis Daniel Lucio Quiroz <luis.daniel.lucio () gmail com>
Date: Thu, 10 Oct 2013 22:23:31 -0400

No, im seeking a rule that maches a ANY dns query, ANY type query, no
any source/target

2013/10/10  <wkitty42 () windstream net>:


On Thursday, October 10, 2013 9:43 PM, Luis Daniel Lucio Quiroz <luis.daniel.lucio () gmail com> wrote:

Helo,

Can anyone share a Snort rule that hits when there is a DNS ANY query?


i have some ANY ANY rules used for testing installations to ensure that snort sees traffic flowing... perhaps 
modifying them for the DNS port is what you are seeking??


------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from 
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60134071&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

ANY query rule Luis Daniel Lucio Quiroz (Oct 10)
- <Possible follow-ups>
- Re: ANY query rule wkitty42 (Oct 10)
  - Re: ANY query rule Luis Daniel Lucio Quiroz (Oct 10)
    - Re: ANY query rule Jeff Kell (Oct 10)
    - Re: ANY query rule Luis Daniel Lucio Quiroz (Oct 10)
- Re: ANY query rule wkitty42 (Oct 11)
- Re: ANY query rule wkitty42 (Oct 11)