[Snort-sigs] deny default outbound (was Reverse shell)

Bennett Todd bet at ...654...
Mon Mar 25 13:02:47 EDT 2013


2013-03-25T12:44 scastle at ...3555...:
> Funny how some workstation suddenly using DNS or SMTP directly to the
> outside is such a red flag...;)

Indeed!

It says something that the provided infrastructure for such protocols has
worked so well, and been so available, that unplanned apps using them are
sometimes, perhaps even often, tunneling illicit traffic, or trying to
break legitimate uses.

Spam had been a DoS attack ever since it was popularized by the reaction to
the green card lawyers, and DNS's lack of security has been popular for
amplification attacks, cache poisoning, and remote network mapping.