Snort mailing list archives
Detecting cross reference at DNS decompression by a snort rule
From: سعید انواری <anvari85 () gmail com>
Date: Fri, 27 May 2011 13:14:08 +0430
Hello. I want to write a snort rule to detect DNS exploit as a result of endless cross referencing in DNS compression message. especially, I mean zlip-2.pcap packet ( zlip-2.pcap<http://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=view&target=zlip-2.pcap> ). can somebody help me? Thanks.
------------------------------------------------------------------------------ vRanger cuts backup time in half-while increasing security. With the market-leading solution for virtual backup and recovery, you get blazing-fast, flexible, and affordable data protection. Download your free trial now. http://p.sf.net/sfu/quest-d2dcopy1
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Detecting cross reference at DNS decompression by a snort rule سعید انواری (May 27)