Re: Vulnerability DNS BIND9 attack DoS

["Vuong D. Chieu" <vdchieu () vncert vn>]

Dear sir.
Now. on internet public vulnerability DNS BIND9 
https://www.exploit-db.com/exploits/37721/

you can write rule detect attack DoS on OS DNS using BIND9

i had writent rule but it do not run.
alert udp any any -> any any (sid:1000010; gid:1; content:"|07 76 65 72 73 69 6F 6E 04 62 69 6E 64 00|"; msg:"DoS DNS 
BIND9"; classtype:successful-dos; rev:3; )

you can see me some analys about attack DoS. I can write it.

thanks

----------------------------------------
Vuong Dinh Chieu (Mr.)
Vietnam Computer Emergency Response Team (VNCERT)
Ministry of Information and Communications (MIC)
Add: 18 Nguyen Du, Hanoi       Website: http://www.vncert.gov.vn
Tel: +84-4-3640-4424                Mobile: +84-97 993 1293

----- Original Message -----
From: "Vuong D. Chieu" <vdchieu () vncert vn>
To: snort-sigs () lists sourceforge net
Sent: Wednesday, August 5, 2015 1:52:29 PM
Subject: Vulnerability DNS BIND9 attack DoS


Dear sir.
Now. on internet public vulnerability DNS BIND9 
https://www.exploit-db.com/exploits/37721/

you can write rule detect attack DoS on OS DNS using BIND9

thanks
----------------------------------------
Vuong Dinh Chieu (Mr.)
Vietnam Computer Emergency Response Team (VNCERT)
Ministry of Information and Communications (MIC)
Add: 18 Nguyen Du, Hanoi       Website: http://www.vncert.gov.vn
Tel: +84-4-3640-4424                Mobile: +84-97 993 1293

------------------------------------------------------------------------------
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!