[Snort-sigs] SID 1-44076 Suspicious .trade dns query
Joel Esler (jesler)
jesler at cisco.com
Tue May 29 10:37:19 EDT 2018
This appears to be generic place holder text. I'll write a more specific document to be published on the next rule release (tomorrow).
Open Source, Design, Web, and Education
On May 29, 2018, at 9:46 AM, Jorge Junco <jjbit at online.de<mailto:jjbit at online.de>> wrote:
Sorry, a'm really new here and it seem to be a simple question...
My Sophos Firewall sends me a notification regarding my DC/DNS Server:
Message: INDICATOR-COMPROMISE Suspicious .trade dns query
This Rule shows as corrective action:
Upgrade to the latest non-affected version of the software.
Apply the appropriate vendor supplied patches.
MY DC ist up-to date! Does it mean the Sophos Firewall Software or my Windows Updates?
Thanks in advance!
Snort-sigs mailing list
Snort-sigs at lists.snort.org<mailto:Snort-sigs at lists.snort.org>
Please visit http://blog.snort.org for the latest news about Snort!
Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads">emerging threats</a>!
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-sigs