Snort mailing list archives

Proposed update to 1:28039

From: "Rodgers, Anthony (DTMB)" <RodgersA1 () michigan gov>
Date: Fri, 19 Dec 2014 19:37:25 +0000

Since Upworthy purchased u.pw (http://www.thedomains.com/2013/06/03/upworthy-com-buys-u-pw-as-url-shortener/), should 
we update INDICATOR-COMPROMISE Suspicious .pw dns query (1:28039) to add the following:

content:!"|01 75 02 70 77 00|"; offset:12; depth:6;

Cheers,

Anthony Rodgers
Security Analyst
Michigan Security Operations Center (MiSOC)


------------------------------------------------------------------------------
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
from Actuate! Instantly Supercharge Your Business Reports and Dashboards
with Interactivity, Sharing, Native Excel Exports, App Integration & more
Get technology previously reserved for billion-dollar corporations, FREE
http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!

Current thread:

Proposed update to 1:28039 Rodgers, Anthony (DTMB) (Dec 19)
- Re: Proposed update to 1:28039 Jeremy Hoel (Dec 19)
  - Re: Proposed update to 1:28039 Joel Esler (jesler) (Dec 22)
    - Re: Proposed update to 1:28039 Rodgers, Anthony (DTMB) (Dec 22)
  - Re: Proposed update to 1:28039 Rodgers, Anthony (DTMB) (Dec 22)