No subject


Thu Nov 23 16:36:19 EST 2017


false negatives and less false positive)

alert udp $EXTERNAL_NET any -> $HOME_NET 53 \
  (msg:"DNS named version attempt"; content: "|07|version"; \
   nocase; content:"|04|bind|00|"; nocase; offset: 12; \
   depth: 32; reference:arachnids,278;)

.ps I got funding for CanSecWest, so I'll see y'all there :)

-- 
Brian Caswell
The MITRE Corporation
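
Added example, not part of the original message and not Snort's own code: a small Python matcher that applies the rule's two content checks to constructed DNS queries, showing how `|07|version` and `|04|bind|00|` line up with the length-prefixed labels that follow the 12-byte DNS header. It assumes depth is counted from the offset (bytes 12 to 43 of the payload); `build_query` and `rule_matches` are hypothetical names.

```python
import struct

# The rule's content matches as (pattern, offset, depth).
# offset/depth follow the second content, so only it is windowed.
RULE = [
    (b"\x07version", None, None),
    (b"\x04bind\x00", 12, 32),
]


def build_query(name, qtype=16, qclass=3, txid=0x1234):
    """Build a constructed DNS query: 12-byte header, QNAME, QTYPE, QCLASS.

    Defaults are TXT (16) in the CHAOS class (3), the usual form of a
    version.bind query.
    """
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack(">HH", qtype, qclass)


def rule_matches(payload):
    """Return True if every content match hits inside its search window."""
    lowered = payload.lower()          # nocase: compare in lower case
    for pattern, offset, depth in RULE:
        start = offset or 0
        end = len(lowered) if depth is None else start + depth
        if lowered[start:end].find(pattern.lower()) == -1:
            return False
    return True


if __name__ == "__main__":
    samples = {
        "version.bind": build_query("version.bind"),
        "VERSION.BIND": build_query("VERSION.BIND"),
        "version.bind (class IN)": build_query("version.bind", qclass=1),
        "www.example.com": build_query("www.example.com", 1, 1),
        # Not a version.bind query; labels sit past the depth window.
        "long.version.bind": build_query("a" * 40 + ".version.bind"),
    }
    for label, pkt in samples.items():
        print(f"{label:26} alert={rule_matches(pkt)}")
```

The class IN sample still alerts because the rule inspects only the name labels, not QTYPE or QCLASS.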




More information about the Snort-users mailing list