[Snort-users] PROTOCOL-DNS Malformed DNS query with HTTP content. What's the angle?

Eric G eric at ...15503...
Wed Apr 23 17:20:04 EDT 2014

On Apr 23, 2014 2:17 PM, "Y M" <snort at ...15979...> wrote:
> Jim and Eric,
> It was me who wrote this rule. Sometime back in November 2013 I was
> looking at a full packet capture and found a couple of weird DNS probes, the
> HTTP one was one of them. Unfortunately I have no specific context for the
> traffic except that there was lots of "weird" traffic. Sorry.

Thanks! Finding the actual rule submitter is just what I was hoping for.

It is interesting! Why in the world some random Chinese IPs are trying to
throw HTTP GETs at UDP 53 makes no sense to me either, but I have the pcaps
to prove you weren't crazy when you wrote that rule!

