[Snort-sigs] What's wrong with this rule?
pauls at ...1311...
Fri Aug 6 10:50:06 EDT 2004
--On Friday, August 06, 2004 11:51:38 AM -0400 "Esler, Joel - Contractor"
<joel.esler at ...783...> wrote:
> I guess my question is, why didn't you use !$DNS_SERVERS??
> By taking a look at the rule name, "DNS Server Response" means.. You
> are looking for a DNS server that is NOT yours answering back to box in
> your network. Then it should be..
No, I'm looking for DNS servers on *my* network that I don't know about
that are responding to *foreign* hosts who are making DNS requests.
Paul Schmehl (pauls at ...1311...)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
More information about the Snort-sigs