Snort mailing list archives
indicator DNS queries
From: "Weissenburger, Steve" <scweissen () tegna com>
Date: Tue, 5 Dec 2017 17:44:53 +0000
Hello,

I'm being hit with these three snort rules and trying to find more info on what exactly these are doing but coming up empty. Can anyone provide more insight? I'm a snort newbie.

Thanks,
Steve

INDICATOR-COMPROMISE Suspicious .win dns query (1:44077:1)
INDICATOR-COMPROMISE Suspicious .top dns query (1:43687:1)
INDICATOR-COMPROMISE Suspicious .tk dns query (1:39867:3)