[Snort-users] any rule for BIND 9 Resolver DoS?

Joel Esler jesler at ...1935...
Thu Nov 17 09:51:40 EST 2011


We (the VRT) are taking a look at this as we speak. 

Sent from my iPhone

On Nov 16, 2011, at 6:56 PM, Jason Haar <Jason_Haar at ...15306...> wrote:

> Just saw this on SANS. DoS causes Bind 9 to crash across .edu domains -
> suspected attack.
> 
> http://isc.sans.edu/diary.html?storyid=12049&rss
> http://www.isc.org/software/bind/advisories/cve-2011-tbd
> 
> 
> Anyone got packets? (or rules of course)
> 
> -- 
> Cheers
> 
> Jason Haar
> Information Security Manager, Trimble Navigation Ltd.
> Phone: +1 408 481 8171
> PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
> 
> 
> ------------------------------------------------------------------------------
> All the data continuously generated in your IT infrastructure 
> contains a definitive record of customers, application performance, 
> security threats, fraudulent activity, and more. Splunk takes this 
> data and makes sense of it. IT sense. And common sense.
> http://p.sf.net/sfu/splunk-novd2d
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 
> Please visit http://blog.snort.org to stay current on all the latest Snort news!




More information about the Snort-users mailing list