[Snort-sigs] What's wrong with this rule?

Paul Schmehl pauls at ...1311...
Fri Aug 6 10:50:06 EDT 2004


--On Friday, August 06, 2004 11:51:38 AM -0400 "Esler, Joel - Contractor" 
<joel.esler at ...783...> wrote:

> I guess my question is, why didn't you use !$DNS_SERVERS??
>
> By taking a look at the rule name, "DNS Server Response"  means.. You
> are looking for a DNS server that is NOT yours answering back to box in
> your network.  Then it should be..
>
No, I'm looking for DNS servers on *my* network that I don't know about 
that are responding to *foreign* hosts who are making DNS requests.

Paul Schmehl (pauls at ...1311...)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/ir/security/




More information about the Snort-sigs mailing list