Snort mailing list archives

Re: PROTOCOL-DNS Malformed DNS query with HTTP content. What's the angle?

From: Eric G <eric () nixwizard net>
Date: Thu, 24 Apr 2014 09:08:11 -0400

On Apr 24, 2014 8:53 AM, "Moore, Jim" <jmoore () thebank com> wrote:


I checked back several weeks and found no alerts for UDP traffic to/from
any of the other ports


It would be interesting to throw up a little python script listening on udp
53 that actually responds to the GET with a small index.html and see what
the bot does then...

--
Eric

------------------------------------------------------------------------------
Start Your Social Network Today - Download eXo Platform
Build your Enterprise Intranet with eXo Platform Software
Java Based Open Source Intranet - Social, Extensible, Cloud Ready
Get Started Now And Turn Your Intranet Into A Collaboration Platform
http://p.sf.net/sfu/ExoPlatform

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

PROTOCOL-DNS Malformed DNS query with HTTP content. What's the angle? Moore, Jim (Apr 23)
- Re: [Snort-users] PROTOCOL-DNS Malformed DNS query with HTTP content. What's the angle? James Lay (Apr 23)
- Re: PROTOCOL-DNS Malformed DNS query with HTTP content. What's the angle? Eric G (Apr 23)
  - Re: PROTOCOL-DNS Malformed DNS query with HTTP content. What's the angle? Nick Randolph (Apr 23)
    - Message not available
    - Re: PROTOCOL-DNS Malformed DNS query with HTTP content. What's the angle? Eric G (Apr 23)
    - Message not available
    - Message not available
    - Re: PROTOCOL-DNS Malformed DNS query with HTTP content. What's the angle? Eric G (Apr 24)