[Snort-sigs] SID 1-44076 Suspicious .trade dns query

Joel Esler (jesler) jesler at cisco.com
Tue May 29 10:37:19 EDT 2018

This appears to be generic placeholder text.  I'll write a more specific document to be published on the next rule release (tomorrow).

Joel Esler
Sr. Manager
Open Source, Design, Web, and Education
Talos Group

On May 29, 2018, at 9:46 AM, Jorge Junco <jjbit at online.de> wrote:

Sorry, I'm really new here and it seems to be a simple question...

My Sophos Firewall sends me a notification regarding my DC/DNS Server:

Message: INDICATOR-COMPROMISE Suspicious .trade dns query
Details........: https://www.snort.org/search?query=44076

This rule shows as corrective action:

Upgrade to the latest non-affected version of the software.

Apply the appropriate vendor supplied patches.

My DC is up to date! Does it mean the Sophos firewall software or my Windows updates?

Thanks in advance!

Snort-sigs mailing list
Snort-sigs at lists.snort.org

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit Snort.org to subscribe to the official Snort ruleset, and make sure to stay up to date to catch the most emerging threats: https://snort.org/downloads/#rule-downloads
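As an added illustration of what a "suspicious .trade DNS query" alert keys on (this is not the Talos rule SID 1-44076, whose body is not reproduced in this thread, and it is not code from either poster), the script below parses the question section of a raw DNS query and flags any name whose top-level domain is on a watchlist. The watchlist set, the packet builder and the sample names are constructed for the example; the real rule's match criteria may differ.

```python
import struct

# Constructed watchlist for the example; the thread only mentions .trade.
WATCHED_TLDS = {"trade"}


def parse_qnames(packet: bytes) -> list[str]:
    """Return the query names from the question section of a raw DNS message."""
    if len(packet) < 12:
        raise ValueError("too short for a DNS header")
    txid, flags, qdcount, *_ = struct.unpack("!HHHHHH", packet[:12])
    offset = 12
    names = []
    for _ in range(qdcount):
        labels = []
        while True:
            if offset >= len(packet):
                raise ValueError("truncated question section")
            length = packet[offset]
            offset += 1
            if length == 0:          # root label terminates the name
                break
            if length & 0xC0:        # compression pointers are not valid in a query name
                raise ValueError("compression pointer in question name")
            labels.append(packet[offset:offset + length].decode("ascii", "replace"))
            offset += length
        offset += 4                  # skip QTYPE and QCLASS
        names.append(".".join(labels).lower())
    return names


def suspicious_tld(name: str, watched=WATCHED_TLDS) -> bool:
    """True only when the final label (the TLD) is watched.

    'trade.example.com' is not flagged: the string must be the TLD, not any label.
    """
    labels = [label for label in name.rstrip(".").split(".") if label]
    return bool(labels) and labels[-1] in watched


def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Build a minimal standard A query for `name` (constructed sample input)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)   # QTYPE=A, QCLASS=IN


def check_packet(packet: bytes) -> list[str]:
    """Return the query names in `packet` that would raise the alert."""
    return [n for n in parse_qnames(packet) if suspicious_tld(n)]


if __name__ == "__main__":
    for qname in ("update.example.trade", "trade.example.com", "www.example.com"):
        print(qname, "->", "ALERT" if check_packet(build_query(qname)) else "ok")
```

The point for a reader in the original poster's position: an alert like this fires on the content of an outbound query, typically one the DC is forwarding on behalf of a client, not on a software defect in the DNS server, so the first thing to find is which internal host asked for the name.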

