[Snort-sigs] DNS Query for .su TLD (Soviet Union)

waldo kitty wkitty42 at ...3507...
Tue Mar 5 10:28:03 EST 2013


On 3/5/2013 02:36, James wrote:
> Hello
>
> I am new to Snort signatures, the Snort IDS is generating a lot of these alerts
> for this signature "DNS Query for .su TLD (Soviet Union)" and "DYNAMIC_DNS
> Query to a Suspicious no-ip Domain". Is this a potential threat, if yes how do I
> stop it?

you need to determine why you have traffic on your network looking up those *.su 
and *.no-ip.com domains... you also need to determine if the machines on your 
network are actually contacting those domains... this process will likely lead 
you to determining exactly what that traffic is and if it is harmful to your 
network... only then can you determine if it is a threat to your network and 
institute moves to stop it...
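
Added example, not part of the original reply: one way to run the triage described above, listing which internal hosts looked up *.su or *.no-ip.com names and which of them then connected to an address those lookups returned. The record layouts, IP addresses and domain names are constructed assumptions standing in for your resolver's query log and your firewall or NetFlow data.

```python
from collections import defaultdict

# Suffixes taken from the two alerts in the thread.
WATCHED_SUFFIXES = (".su", ".no-ip.com")

# Constructed DNS log (assumed layout): (client_ip, queried_name, answer_ips)
DNS_LOG = [
    ("10.0.0.15", "update.example.su.", ["203.0.113.7"]),
    ("10.0.0.15", "www.example.com.", ["198.51.100.20"]),
    ("10.0.0.22", "home-cam.no-ip.com", ["203.0.113.44"]),
    ("10.0.0.31", "Mail.Example.SU", []),               # lookup with no answer
    ("10.0.0.40", "su.example.org", ["198.51.100.9"]),  # "su" label, not the .su TLD
]

# Constructed flow log (assumed layout): (src_ip, dst_ip, dst_port)
FLOW_LOG = [
    ("10.0.0.15", "203.0.113.7", 443),
    ("10.0.0.15", "198.51.100.20", 80),
    ("10.0.0.40", "198.51.100.9", 443),
]

def normalize(qname):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return qname.rstrip(".").lower()

def is_watched(qname):
    name = normalize(qname)
    return any(name.endswith(s) or name == s[1:] for s in WATCHED_SUFFIXES)

def triage(dns_log, flow_log):
    """Per client: watched names it looked up, and flows to the resolved IPs."""
    lookups = defaultdict(set)    # client -> watched names queried
    resolved = defaultdict(dict)  # client -> {answer_ip: name}
    for client, qname, answers in dns_log:
        if not is_watched(qname):
            continue
        lookups[client].add(normalize(qname))
        for ip in answers:
            resolved[client][ip] = normalize(qname)
    report = {}
    for client, names in lookups.items():
        contacted = sorted((resolved[client][dst], dst, port)
                           for src, dst, port in flow_log
                           if src == client and dst in resolved[client])
        report[client] = {"looked_up": sorted(names), "contacted": contacted}
    return report

if __name__ == "__main__":
    for host, info in sorted(triage(DNS_LOG, FLOW_LOG).items()):
        print(host, info)
```

If the alerts all name an internal DNS server as the source, the lookups are being forwarded and the real clients have to come from that server's own query log.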




