[Snort-users] Help with Snort Processor

Dan O'Brien pdobrien3 at gmail.com
Wed Oct 25 20:06:57 EDT 2017


Good evening all,

Looking for some suggestions to quiet (PROTOCOL-DNS domain not found containing random-looking hostname - possible DGA detected).  It goes off every time someone opens Chrome due to Chrome DNS prefetching. I disabled prefetching in Chrome but apparently it still does some things upon opening that cant be controlled in the settings. 

Browser Startup

Chromium automatically remembers the first 10 domains that were resolved the last time the Chromium was started, and automatically starts to resolve these names very early in the startup process.  As a result, the domains for a user's home page(s), along with any embedded domains (or anything the user "always" visits just after startup), are generally resolved before much of Chromium has ever loaded.  When Chromium finally starts to try to load and render those pages, there is typically no DNS induced latency, and the application effectively "starts up" (becoming usable) faster.  Average startup savings are 200ms or more, with common acceleration over 1 second.

Looking for ideas beyond disabling the rule.  Thanks in advance. 

Thanks,
Dan
(770) 624-1010
pdobrien3 at gmail.com

"Better is a poor man who walks in his integrity than a rich man who is crooked in his ways." - Proverbs 28:6

Sent from my iPad
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20171025/f2f49a24/attachment.html>


More information about the Snort-users mailing list