[Snort-sigs] lots of alerts on so rule "possible DGA detected"

waldo kitty wkitty42 at ...3507...
Tue Nov 25 13:12:49 EST 2014


On 11/25/2014 2:55 AM, Ronny Vaningh wrote:
> First the host does a request for myserverhostname001.subdomain.domain.com
> <http://myserverhostname001.subdomain.domain.com>
> After receiving a NXDOMAIN it appends a search domain suffix and generates a
> request like
>
> myserverhostname543.subdomain.domain.com.searchdomain.com

what software is this, please? so we know to list it as banned and keep it far 
away from our networks ;)


-- 
  NOTE: No off-list assistance is given without prior approval.
        Please *keep mailing list traffic on the list* unless
        private contact is specifically requested and granted.




More information about the Snort-sigs mailing list