Snort mailing list archives
Re: TMG Firewall Client long host entry exploit attempt
From: Carlos G Mendioroz <tron () acm org>
Date: Sun, 02 Mar 2014 18:05:42 -0300
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Thanks Joel, as I said, that one is like sweeping under the carpet, right ? Snort is surprisingly quiet too. Other than this, it seems all the bad guys went on vacation... On this one, it seems that the rule is triggering on answers to a ROOT dns query. That one also makes me wonder why is bind asking for that. - -Carlos Joel Esler (jesler) @ 02/03/2014 17:59 -0300 dixit:
The easiest way to deal with this one is, if you aren't running the tmg firewall client, shut the rule off. -- Joel Esler Sent from my iPhoneOn Mar 2, 2014, at 6:51, "Carlos G Mendioroz" <tron () acm org> wrote:Hi, I've recently installed snort on a home border server. (again, this is a complete re-install of my place infrastructure :) I keep snort running, not frequently updated, just to have some sense of activity. Upload alerts to dshield too. This time, snort remained way too silent. But 3:19187:2 is firing with many of my server's DNS queries. (bind9 forwarder) I've search for clues but this seems to be an so rule and I don't know how to troubleshoot this. I guess I can disable the rule, but that's just going to hide the issue. I do have a capture of one incident triggering the rule, not that it is difficult to reproduce ( Help ? TIA,------------------------------------------------------------------------------
Flow-based real-time traffic analytics software. Cisco certified tool.
Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer Customize your own dashboards, set traffic alerts and generate reports. Network behavioral analysis & security monitoring. All-in-one tool. http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news! - -- Carlos G Mendioroz <tron () acm org> -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlMTnSYACgkQ7qM4U9dTH39m3wCfYoSwD8Dob6S0ESdi6kzeRm18 szEAniV+wt9SBvZgYh6eajW1nya6uE4P =jiVe -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ Flow-based real-time traffic analytics software. Cisco certified tool. Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer Customize your own dashboards, set traffic alerts and generate reports. Network behavioral analysis & security monitoring. All-in-one tool. http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- TMG Firewall Client long host entry exploit attempt Carlos G Mendioroz (Mar 02)
- Re: TMG Firewall Client long host entry exploit attempt Joel Esler (jesler) (Mar 02)
- Re: TMG Firewall Client long host entry exploit attempt Carlos G Mendioroz (Mar 02)
- Re: TMG Firewall Client long host entry exploit attempt Joel Esler (jesler) (Mar 02)
- Re: TMG Firewall Client long host entry exploit attempt Carlos G Mendioroz (Mar 03)
- Re: TMG Firewall Client long host entry exploit attempt Joel Esler (jesler) (Mar 03)
- Re: TMG Firewall Client long host entry exploit attempt simegnew yihunie (Mar 03)
- Re: TMG Firewall Client long host entry exploit attempt waldo kitty (Mar 04)
- Re: TMG Firewall Client long host entry exploit attempt Carlos G Mendioroz (Mar 02)
- Re: TMG Firewall Client long host entry exploit attempt Patrick Mullen (Mar 04)
- Re: TMG Firewall Client long host entry exploit attempt Carlos G Mendioroz (Mar 04)
- Re: TMG Firewall Client long host entry exploit attempt Patrick Mullen (Mar 04)
- Re: TMG Firewall Client long host entry exploit attempt Carlos G Mendioroz (Mar 04)
- Re: TMG Firewall Client long host entry exploit attempt Joel Esler (jesler) (Mar 02)
- Re: TMG Firewall Client long host entry exploit attempt Randal T. Rioux (Mar 04)