Snort mailing list archives
Re: lots of alerts on so rule "possible DGA detected"
From: waldo kitty <wkitty42 () windstream net>
Date: Tue, 25 Nov 2014 13:12:49 -0500
On 11/25/2014 2:55 AM, Ronny Vaningh wrote:
First the host does a request for myserverhostname001.subdomain.domain.com. After receiving a NXDOMAIN it appends a search domain suffix and generates a request like myserverhostname543.subdomain.domain.com.searchdomain.com
what software is this, please? so we know to list it as banned and keep it far away from our networks ;)

--
NOTE: No off-list assistance is given without prior approval. Please *keep mailing list traffic on the list* unless private contact is specifically requested and granted.