[Snort-users] Question about SO Rule 3:21355

Jeremy Hoel jthoel at ...11827...
Wed Sep 4 18:46:13 EDT 2013


We started seeing this today from some of our DCs when doing lookups
to various nytimes.com sites. The MS Bulletin references issues with
Exchange and SMTP and the CVE references the DNS lookup in the
smtpsvc.dll in regards to DNS caching poisoning.

We are only seeing these for responses from the NYT DNS servers, which
is also odd, not the original request going outbound, which makes me
wonder how/what in the response would trigger this?

And finally, if the servers are patched with MS10-024, then could
something else be causing the FP?

Being a SO rule, I don't have much to go on.



