Snort mailing list archives
Re: ANY query rule
From: Jeff Kell <jeff-kell () utc edu>
Date: Thu, 10 Oct 2013 22:29:18 -0400
See ET 2016016 and 2016017, they are essentially doing just that.

Jeff

On 10/10/2013 10:23 PM, Luis Daniel Lucio Quiroz wrote:
> No, I'm seeking a rule that matches an ANY DNS query, ANY type query, not any source/target
>
> 2013/10/10 <wkitty42 () windstream net>:
>> On Thursday, October 10, 2013 9:43 PM, Luis Daniel Lucio Quiroz <luis.daniel.lucio () gmail com> wrote:
>>> Hello,
>>> Can anyone share a Snort rule that hits when there is a DNS ANY query?
>>
>> I have some ANY ANY rules used for testing installations to ensure that snort sees traffic flowing... perhaps modifying them for the DNS port is what you are seeking??
>>
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users () lists sourceforge net
>> Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>> Please visit http://blog.snort.org to stay current on all the latest Snort news!
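As an added example (not from any poster in this thread, and not the content of ET 2016016 or 2016017), the Python below shows what matching a DNS ANY query means on the wire: the QR bit is clear in the header and QTYPE is 255 right after the end of the question name. The function names and the sample packets are constructed for illustration.

```python
import struct

QTYPE_ANY = 255  # RFC 1035 QTYPE "*": request for all records


def build_query(name, qtype, txid=0x1234):
    """Build a minimal DNS query (constructed sample input, not captured traffic)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, QDCOUNT=1
    labels = [l for l in name.split(".") if l]
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QCLASS IN


def parse_question(payload):
    """Return (is_query, qname, qtype) for the first question, or None if malformed."""
    if len(payload) < 12:
        return None
    _, flags, qdcount, _, _, _ = struct.unpack("!HHHHHH", payload[:12])
    if qdcount < 1:
        return None
    pos, labels = 12, []
    while True:
        if pos >= len(payload):
            return None  # name runs off the end of the packet
        length = payload[pos]
        pos += 1
        if length == 0:
            break  # root label terminates QNAME
        if length > 63 or pos + length > len(payload):
            return None  # pointer/reserved label type, or truncated label
        labels.append(payload[pos:pos + length].decode("ascii", "replace"))
        pos += length
    if pos + 4 > len(payload):
        return None  # QTYPE/QCLASS missing
    qtype, _qclass = struct.unpack("!HH", payload[pos:pos + 4])
    is_query = (flags & 0x8000) == 0  # QR bit clear means query
    return is_query, ".".join(labels) or ".", qtype


def is_any_query(payload):
    """True only for a well-formed query whose first question has QTYPE ANY."""
    parsed = parse_question(payload)
    return parsed is not None and parsed[0] and parsed[2] == QTYPE_ANY
```

Because the question name has variable length, the QTYPE field is not at a fixed offset; a signature has to locate the zero byte that ends the name before comparing the two bytes that follow it.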
Current thread:
- ANY query rule Luis Daniel Lucio Quiroz (Oct 10)
- <Possible follow-ups>
- Re: ANY query rule wkitty42 (Oct 10)
- Re: ANY query rule Luis Daniel Lucio Quiroz (Oct 10)
- Re: ANY query rule Jeff Kell (Oct 10)
- Re: ANY query rule Luis Daniel Lucio Quiroz (Oct 10)
- Re: ANY query rule Luis Daniel Lucio Quiroz (Oct 10)
- Re: ANY query rule wkitty42 (Oct 11)
- Re: ANY query rule wkitty42 (Oct 11)