Snort mailing list archives
SOHO Pharming sigs
From: Jamie Riden <jamie.riden () gmail com>
Date: Tue, 4 Mar 2014 08:30:24 +0000
Someone already probably did these, and did them better :)

alert udp any any -> 5.45.75.11 53 (msg:"DNS traffic to IP address identified by Team Cymru in SOHO Pharming paper";)
alert tcp any any -> 5.45.75.11 53 (msg:"DNS traffic to IP address identified by Team Cymru in SOHO Pharming paper";)
alert udp any any -> 5.45.75.36 53 (msg:"DNS traffic to IP address identified by Team Cymru in SOHO Pharming paper";)
alert tcp any any -> 5.45.75.36 53 (msg:"DNS traffic to IP address identified by Team Cymru in SOHO Pharming paper";)

ref: https://www.team-cymru.com/ReadingRoom/Whitepapers/2013/TeamCymruSOHOPharming.pdf

cheers,
 Jamie
--
Jamie Riden / jamie () honeynet org / jamie.riden () gmail com
http://uk.linkedin.com/in/jamieriden
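The rules as posted carry no sid, which Snort needs on every rule it loads. The following is an added example, not part of the original post: the same two addresses and the same msg text, collapsed into one variable with the fields filled in. The sid values (local range, 1000000 and up), the classtype, the flow option and the variable name SOHO_PHARMING_DNS are assumptions made here.

```snort
# Added example, not from the original post.
# Assumptions: the sids are placeholders from the local range (>= 1000000),
# the classtype and the variable name are choices made for this example.

# Goes in snort.conf (or a file it includes) before the rules are read.
ipvar SOHO_PHARMING_DNS [5.45.75.11,5.45.75.36]

# UDP DNS to either address. Source stays "any any" as in the posted rules,
# so a router forwarding queries from behind NAT is still matched.
# reference:url omits the scheme; Snort prepends its configured URL prefix.
alert udp any any -> $SOHO_PHARMING_DNS 53 ( \
    msg:"DNS traffic to IP address identified by Team Cymru in SOHO Pharming paper"; \
    reference:url,www.team-cymru.com/ReadingRoom/Whitepapers/2013/TeamCymruSOHOPharming.pdf; \
    classtype:bad-unknown; \
    sid:1000001; rev:1;)

# TCP DNS to either address. flow restricts the alert to client-to-server
# packets on an established session (needs the stream preprocessor enabled).
alert tcp any any -> $SOHO_PHARMING_DNS 53 ( \
    msg:"DNS traffic to IP address identified by Team Cymru in SOHO Pharming paper"; \
    flow:to_server,established; \
    reference:url,www.team-cymru.com/ReadingRoom/Whitepapers/2013/TeamCymruSOHOPharming.pdf; \
    classtype:bad-unknown; \
    sid:1000002; rev:1;)
```

Running Snort in test mode (`snort -T -c` with the path to your snort.conf) after adding these confirms they parse and that the sids do not collide with rules already loaded.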