Snort mailing list archives

Re: DNS Query for .su TLD (Soviet Union)


From: waldo kitty <wkitty42 () windstream net>
Date: Tue, 05 Mar 2013 10:28:03 -0500

On 3/5/2013 02:36, James wrote:
> Hello
>
> I am new to Snort signatures, the Snort IDS is generating a lot of these alerts
> for this signature "DNS Query for .su TLD (Soviet Union)" and "DYNAMIC_DNS
> Query to a Suspicious no-ip Domain". Is this a potential threat, if yes how do I
> stop it..

you need to determine why you have traffic on your network looking up those *.su 
and *.no-ip.com domains... you also need to determine if the machines on your 
network are actually contacting those domains... this process will likely lead 
you to determining exactly what that traffic is and if it is harmful to your 
network... only then can you determine if it is a threat to your network and 
institute moves to stop it...


_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org
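
The triage described in the reply above, as an added example that is not part of the original post: it lists which internal hosts looked up *.su or *.no-ip.com names and whether they then connected to the resolved address. The log format, host names, addresses and the 300-second window are constructed assumptions, not Snort or resolver output.

```python
import ipaddress

# Constructed sample data in a simplified, hypothetical log format
# (not real Snort, resolver or firewall output).
# DNS answer lines: epoch client qname answer_ip
DNS_LOG = """\
1362468000 192.0.2.10 update.constructed-name.su 203.0.113.5
1362468005 192.0.2.11 www.example.com 198.51.100.7
1362468010 192.0.2.12 constructed-host.no-ip.com 203.0.113.9
1362468020 192.0.2.10 cdn.constructed-name.su. 203.0.113.5
"""
# Flow lines: epoch src dst dport
FLOW_LOG = """\
1362468002 192.0.2.10 203.0.113.5 80
1362468006 192.0.2.11 198.51.100.7 443
1362468900 192.0.2.13 203.0.113.9 80
"""
WATCHED_SUFFIXES = (".su", ".no-ip.com")  # the two patterns named in the alerts


def is_watched(qname):
    # Match on whole labels so "example.su" hits but "example.notsu" does not.
    return ("." + qname.rstrip(".").lower()).endswith(WATCHED_SUFFIXES)


def triage(dns_log, flow_log, window=300):
    """Map each client that looked up a watched name to its queries and to the
    resolved addresses it connected to within `window` seconds of the answer."""
    report, resolved = {}, []
    for line in dns_log.splitlines():
        ts, client, qname, answer = line.split()
        if is_watched(qname):
            entry = report.setdefault(client, {"queries": [], "contacted": []})
            entry["queries"].append(qname.rstrip(".").lower())
            resolved.append((int(ts), client, ipaddress.ip_address(answer)))
    for line in flow_log.splitlines():
        ts, src, dst, dport = line.split()
        for q_ts, client, ip in resolved:
            hit = (str(ip), int(dport))
            if (src == client and ipaddress.ip_address(dst) == ip
                    and 0 <= int(ts) - q_ts <= window
                    and hit not in report[client]["contacted"]):
                report[client]["contacted"].append(hit)
    return report


if __name__ == "__main__":
    for host, info in triage(DNS_LOG, FLOW_LOG).items():
        print(host, info["queries"], info["contacted"] or "lookup only")
```

A host that appears with lookups but no contact still needs explaining, since something on it issued the query.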

