IDS mailing list archives

Re: DNS Cache Poisoning attack

From: Joel Esler <joel.esler () mac com>
Date: Thu, 17 Jul 2008 11:15:47 -0400

There are Shared Object rules available for the DNS Cache Poisoningattack that are VRT certified available via subscription at www.snort.org.


J

On Jul 16, 2008, at 10:38 PM, Ravi Chunduru wrote:

Does anybody have snort or Intrupro-IPS signature(s) to detect DNS
Cache Poisoning attack?
Also, is there any PoC to simulate the attack and test the
effectiveness of signature(s)?

thanks
Ravi

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------



------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?

Find out quickly and easily by testing itwith real-world attacks from CORE IMPACT.Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfwto learn more.

------------------------------------------------------------------------

Current thread:

DNS Cache Poisoning attack Ravi Chunduru (Jul 17)
- Re: DNS Cache Poisoning attack Joel Esler (Jul 17)
  - Re: DNS Cache Poisoning attack Michael Rash (Jul 17)
    - Re: DNS Cache Poisoning attack Secure Scorp (Jul 21)
- Re: DNS Cache Poisoning attack Mario A. Spinthiras (Jul 21)