No subject

Thu Nov 23 16:36:19 EST 2017

false negatives and fewer false positives)

alert udp $EXTERNAL_NET any -> $HOME_NET 53 \
  (msg:"DNS named version attempt"; content: "|07|version"; \
   nocase; content:"|04|bind|00|"; nocase; offset: 12; \
   depth: 32; reference:arachnids,278;)

P.S. I got funding for CanSecWest, so I'll see y'all there :)

Brian Caswell
The MITRE Corporation
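
Added example, not part of the original message and not Snort's own code: a small Python model of the rule's two content tests, run against constructed DNS query payloads. It assumes Snort's documented content semantics (nocase, offset and depth modify the content option that precedes them, and depth is counted from the offset); all function names and sample payloads are hypothetical, and the rule header (protocol, addresses, port 53) is not evaluated.

```python
import struct

def parse_content(spec):
    """Decode a Snort content string: literal text with |hex| sections."""
    out = bytearray()
    for i, part in enumerate(spec.split("|")):
        if i % 2:                                  # odd parts sit between pipes
            out += bytes.fromhex(part.replace(" ", ""))
        else:
            out += part.encode("ascii")
    return bytes(out)

def content_match(payload, spec, nocase=False, offset=0, depth=None):
    """Search payload[offset:offset+depth] for the pattern (assumed semantics)."""
    pattern = parse_content(spec)
    end = None if depth is None else offset + depth
    window = payload[offset:end]
    if nocase:
        pattern, window = pattern.lower(), window.lower()
    return pattern in window

def rule_matches(payload):
    """Both content tests of the rule above must succeed on the UDP payload."""
    return (content_match(payload, "|07|version", nocase=True) and
            content_match(payload, "|04|bind|00|", nocase=True,
                          offset=12, depth=32))

def dns_query(qname, qtype, qclass, txid=0x1234):
    """Build a constructed single-question DNS query (UDP payload only)."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # 12 bytes
    labels = b"".join(bytes([len(l)]) + l.encode("ascii")
                      for l in qname.split("."))
    return header + labels + b"\x00" + struct.pack(">HH", qtype, qclass)

# Constructed sample payloads (not captured traffic).
VERSION_BIND = dns_query("version.bind", 16, 3)          # TXT, class CHAOS
MIXED_CASE = dns_query("VeRsIoN.BiNd", 16, 3)            # exercises nocase
ORDINARY = dns_query("www.example.com", 1, 1)            # A, class IN
# Same labels, but pushed past the 32-byte window that starts at offset 12.
DEEP_LABELS = dns_query("a" * 40 + ".version.bind", 16, 3)

if __name__ == "__main__":
    for name in ("VERSION_BIND", "MIXED_CASE", "ORDINARY", "DEEP_LABELS"):
        print(name, rule_matches(globals()[name]))
```

The offset of 12 skips the fixed DNS header, so the window for the second content covers the start of the question section, where the name of a version.bind query sits.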
