Snort mailing list archives

Re: PROTOCOL-DNS Malformed DNS query with HTTP content. What's the angle?


From: Eric G <eric () nixwizard net>
Date: Wed, 23 Apr 2014 17:20:04 -0400

On Apr 23, 2014 2:17 PM, "Y M" <snort () outlook com> wrote:

Jim and Eric,

It was me who wrote this rule. Sometime back in November 2013 I was
looking at a full packet capture and found a couple of weird DNS probes; the
HTTP one was one of them. Unfortunately I have no specific context for the
traffic except that there was lots of "weird" traffic. Sorry.


Thanks! Finding the actual rule submitter is just what I was hoping for.

It is interesting! Why in the world some random Chinese IPs are trying to
throw HTTP GETs at UDP 53 makes no sense to me either, but I have the pcaps
to prove you weren't crazy when you wrote that rule!

Thanks,
--
Eric
http://www.linkedin.com/in/ericgearhart