Subject: Re: [snort] DNS lookups too sensitve...or are these attacks?
From: James McLaughlin (katana montrose.net)
Date: Fri Mar 31 2000 - 00:15:27 CST
- Next message: Christian Lademann: "Re: [snort] Flexible Response within Snort"
- Previous message: Yen-Ming Chen: "[snort] [Anno] snort_stat.pl release (1.7)"
- In reply to: Jim Forster: "Re: [snort] DNS lookups too sensitve...or are these attacks?"
- Next in thread: Martin Roesch: "Re: [snort] DNS lookups too sensitve...or are these attacks?"
- Reply: James McLaughlin: "Re: [snort] DNS lookups too sensitve...or are these attacks?"
Jim Forster wrote:
> These are either from the Vision ruleset, or from the 'addon' set on
> RapidNet. (That's why they were removed from the dist. set) :)
> Those are DNS queries, and the only reason it flagged them is that it was
> hitting the port which is monitored by the ruleset. - Nothing to worry
> about.
> I suggest using only content-based rules for backdoor activity, otherwise
> you'll need a 20gb drive to log all the falses nightly. :]
> Thanks...
>
>
Good to know ...thanks
Kat
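
Added example, not part of the original messages or of any Snort ruleset: a small model of the false positive discussed in this thread, comparing a rule that fires on destination port alone with one that also requires payload content. The port number, the payload marker, the packets, and the assumption that the DNS replies reach the monitored port because a resolver's ephemeral source port coincides with it are all constructed for illustration.

```python
# Constructed illustration: port-only vs. content-based matching.
# Port, marker and packets are assumptions, not taken from the thread or a real ruleset.
from dataclasses import dataclass
from typing import Optional

MONITORED_PORT = 31337                    # hypothetical port watched by the rule
MARKER = b"HYPOTHETICAL-BACKDOOR-BANNER"  # placeholder payload signature

@dataclass
class Packet:
    proto: str
    sport: int
    dport: int
    payload: bytes

@dataclass
class Rule:
    name: str
    proto: str
    dport: int
    content: Optional[bytes] = None       # None means "match on port alone"

    def matches(self, pkt: Packet) -> bool:
        if pkt.proto != self.proto or pkt.dport != self.dport:
            return False
        return self.content is None or self.content in pkt.payload

def dns_reply(client_port: int) -> Packet:
    # Minimal DNS header: id, flags 0x8180 (standard response), 1 question, 1 answer.
    header = b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00"
    return Packet("udp", 53, client_port, header + b"\x07example\x03com\x00")

def alerts(rule: Rule, traffic: list[Packet]) -> int:
    return sum(rule.matches(p) for p in traffic)

# Constructed traffic: five replies to a resolver whose ephemeral port equals the
# monitored port, five unrelated replies, and one packet that carries the marker.
TRAFFIC = (
    [dns_reply(MONITORED_PORT) for _ in range(5)]
    + [dns_reply(40000 + i) for i in range(5)]
    + [Packet("udp", 50000, MONITORED_PORT, b"\x00" + MARKER)]
)

PORT_ONLY = Rule("port-only", "udp", MONITORED_PORT)
CONTENT = Rule("content-based", "udp", MONITORED_PORT, MARKER)

if __name__ == "__main__":
    for rule in (PORT_ONLY, CONTENT):
        print(f"{rule.name}: {alerts(rule, TRAFFIC)} alerts")
```

The port-only rule alerts on every DNS reply that lands on the monitored port, while the content rule alerts only on the packet that carries the marker.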