Snort mailing list archives
Re: BAD-TRAFFIC dns cache poisoning attempt sid:13667
From: yew chuan Ong <yewchuan_23 () yahoo com>
Date: Thu, 8 Nov 2012 20:31:59 -0800 (PST)
Hi All,

I found this rule under so_rules. I also found a thread discussing GID:3... http://seclists.org/snort/2010/q1/190

Since we have no idea how the sig works (in terms of detection method), how can we analyze it? I would appreciate it if anyone can respond.

Thanks!

Regards
Yew Chuan

________________________________
From: yew chuan Ong <yewchuan_23 () yahoo com>
To: "snort-sigs () lists sourceforge net" <snort-sigs () lists sourceforge net>
Sent: Thursday, November 8, 2012 3:33 PM
Subject: [Snort-sigs] BAD-TRAFFIC dns cache poisoning attempt sid:13667

Hi,

I found the description of this sig here - http://cs.uccs.edu/~cs591/ids/snort/snort2_9_0/so_rules/bad-traffic.rules. But when I downloaded the rules from Snort, I found nothing related inside bad-traffic.rules. Any ideas? This sig is still enabled by default, right?

Thanks!

Regards
Yew Chuan

------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_nov
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org

Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- BAD-TRAFFIC dns cache poisoning attempt sid:13667 yew chuan Ong (Nov 07)
- Re: BAD-TRAFFIC dns cache poisoning attempt sid:13667 yew chuan Ong (Nov 08)
- Re: BAD-TRAFFIC dns cache poisoning attempt sid:13667 waldo kitty (Nov 09)
- Re: BAD-TRAFFIC dns cache poisoning attempt sid:13667 yew chuan Ong (Nov 10)
- Re: BAD-TRAFFIC dns cache poisoning attempt sid:13667 waldo kitty (Nov 10)
- Re: BAD-TRAFFIC dns cache poisoning attempt sid:13667 waldo kitty (Nov 09)
- Re: BAD-TRAFFIC dns cache poisoning attempt sid:13667 yew chuan Ong (Nov 08)