[Snort-users] PROTOCOL-DNS Malformed DNS query with HTTP content. What's the angle?

Eric G eric at ...15503...
Thu Apr 24 09:08:11 EDT 2014


On Apr 24, 2014 8:53 AM, "Moore, Jim" <jmoore at ...16816...> wrote:
>
> I checked back several weeks and found no alerts for UDP traffic to/from
> any of the other ports

It would be interesting to throw up a little python script listening on udp
53 that actually responds to the GET with a small index.html and see what
the bot does then...

--
Eric
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20140424/8e73692f/attachment.html>


More information about the Snort-users mailing list