Snort mailing list archives

Re: PROTOCOL-DNS DNS query amplification attempt (1:28556)

From: rmkml <rmkml () yahoo fr>
Date: Mon, 4 May 2015 21:43:04 +0200 (CEST)

and this rule is a recommended policy drop "security-ips", if trigger, please share or send to VRT/Talos.

Regards
@Rmkml


On Mon, 4 May 2015, rmkml wrote:

Hello Mustaque,

Could you have checked the reference on this sig please ?

https://www.us-cert.gov/ncas/alerts/TA13-088A

Regards
@Rmkml


On Mon, 4 May 2015, Mustaque wrote:

Hi,

 
I cant see the packet information to investigate the integrity of thisrule. And what this rule does? Need more info.
 

Thanks and Regards

Mustaque

------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud 
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!

Current thread:

PROTOCOL-DNS DNS query amplification attempt (1:28556) Mustaque (May 04)
- Re: PROTOCOL-DNS DNS query amplification attempt (1:28556) Al Lewis (allewi) (May 04)
  - Re: PROTOCOL-DNS DNS query amplification attempt (1:28556) Geoffrey Serrao (May 04)
- Re: PROTOCOL-DNS DNS query amplification attempt (1:28556) rmkml (May 04)
  - Re: PROTOCOL-DNS DNS query amplification attempt (1:28556) rmkml (May 04)
    - Re: PROTOCOL-DNS DNS query amplification attempt (1:28556) Mustaque Ahmad (May 07)
    - Re: PROTOCOL-DNS DNS query amplification attempt (1:28556) Jamie Riden (May 07)
    - Re: PROTOCOL-DNS DNS query amplification attempt (1:28556) Mustaque (May 12)