[Snort-sigs] DNS Query for .su TLD (Soviet Union)
wkitty42 at ...3507...
Tue Mar 5 10:28:03 EST 2013
On 3/5/2013 02:36, James wrote:
> I am new to Snort signatures, the snort IDS is generating a lot of these alerts
> for this signature "DNS Query for .su TLD (Soviet Union)" and "DYNAMIC_DNS
> Query to a Suspicious no-ip Domain". Is this a potential threat, if yes how do I
> stop it?
you need to determine why you have traffic on your network looking up those *.su
and *.no-ip.com domains... you also need to determine if the machines on your
network are actually contacting those domains... this process will likely lead
you to determining exactly what that traffic is and if it is harmful to your
network... only then can you determine if it is a threat to your network and
institute moves to stop it...
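
The triage described in the reply above, as an added example that is not part of the original post: it lists which internal hosts looked up *.su or *.no-ip.com names and whether they then connected to the address that was returned. The CSV column layouts, the sample rows and the function names are constructed assumptions, not the output format of Snort or any particular tool.

```python
import csv
import io

# Constructed sample data (assumed layouts): DNS query log and flow log.
DNS_LOG = """\
ts,client,qname,answer
1362493000,10.0.0.15,update.example.su,203.0.113.7
1362493010,10.0.0.15,www.example.com,198.51.100.20
1362493050,10.0.0.22,host1.no-ip.com,203.0.113.99
1362493090,10.0.0.31,mail.example.su,
"""
FLOW_LOG = """\
ts,src,dst,dport
1362493002,10.0.0.15,203.0.113.7,80
1362493012,10.0.0.15,198.51.100.20,443
1362493300,10.0.0.40,203.0.113.99,80
"""

# Suffixes taken from the two alerts discussed in the thread.
WATCHED_SUFFIXES = (".su", ".no-ip.com")


def is_watched(qname):
    """True if the queried name falls under one of the watched suffixes."""
    name = qname.rstrip(".").lower()
    return any(name.endswith(suffix) for suffix in WATCHED_SUFFIXES)


def triage(dns_text, flow_text):
    """Map each querying host to its watched lookups and follow-up connections."""
    flows = {}
    for row in csv.DictReader(io.StringIO(flow_text)):
        key = (row["src"], row["dst"])
        flows.setdefault(key, []).append((int(row["ts"]), int(row["dport"])))
    report = {}
    for row in csv.DictReader(io.StringIO(dns_text)):
        if not is_watched(row["qname"]):
            continue
        entry = report.setdefault(row["client"], {"queries": [], "contacted": []})
        entry["queries"].append(row["qname"])
        # A connection counts only if the same host made it after the lookup.
        for ts, port in flows.get((row["client"], row["answer"]), []):
            if ts >= int(row["ts"]):
                entry["contacted"].append((row["qname"], row["answer"], port))
    return report


if __name__ == "__main__":
    for host, info in sorted(triage(DNS_LOG, FLOW_LOG).items()):
        print(host, info["queries"], info["contacted"] or "lookup only")
```

If the sensor only sees queries leaving an internal resolver, the client column will show the resolver, so the resolver's own query log is needed to identify the originating machine.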