[Emerging-Sigs] Fast Flux DNS sigs
Joel Esler
joel.esler at sourcefire.com
Thu Feb 14 13:01:14 EST 2008
I think the list would be extensive. Thousands of domains use 60
second ttls.
J
On Feb 14, 2008, at 12:25 PM, David Glosser wrote:
> I know there was some work on fast flux DNS sigs (ttl <60 secs), but
> it generated false positives, as google and others use ttls of
> less than 60 seconds.
>
> Can a "white list" of valid domains (google, yahoo, cnn, etc) be
> generated which would not trip the sig, maybe using some sort of
> dynamic rule?
>
> Or would such a list be too long?
--
Joel Esler joel.esler at sourcefire.com
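
Added example, not part of the original thread or any poster's code: a Python sketch of the heuristic under discussion (A records with TTL below 60 seconds, minus an allowlist), run over constructed DNS responses. The function names, the allowlist contents and the sample packets are assumptions made for illustration.

```python
import struct

TTL_THRESHOLD = 60                                   # the "ttl <60 secs" heuristic from the thread
ALLOWLIST = {"google.com", "yahoo.com", "cnn.com"}   # assumed list, names taken from the thread

def read_name(msg, off):
    """Decode a DNS name at off, following compression pointers; return (name, next_off)."""
    labels, end, hops = [], None, 0
    while msg[off]:
        length = msg[off]
        if length & 0xC0 == 0xC0:                    # compression pointer
            end = end if end is not None else off + 2
            off = ((length & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            continue
        labels.append(msg[off + 1:off + 1 + length].decode("ascii").lower())
        off += 1 + length
    return ".".join(labels), (end if end is not None else off + 1)

def answers(msg):
    """Yield (owner_name, rtype, ttl) for each answer record in a DNS response."""
    _, _, qd, an, _, _ = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):
        _, off = read_name(msg, off)
        off += 4                                     # skip QTYPE and QCLASS
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        yield name, rtype, ttl

def allowlisted(name):
    # Match the domain itself or a subdomain, never a mere suffix like "notgoogle.com".
    return any(name == d or name.endswith("." + d) for d in ALLOWLIST)

def low_ttl_hits(msg):
    """Return names of A records with TTL below the threshold that are not allowlisted."""
    return sorted({n for n, t, ttl in answers(msg)
                   if t == 1 and ttl < TTL_THRESHOLD and not allowlisted(n)})

def build_response(qname, ttl, addrs):
    """Constructed sample input: a minimal response with one question and A answers."""
    q = b"".join(bytes([len(l)]) + l.encode() for l in qname.split(".")) + b"\0"
    msg = struct.pack("!6H", 0x1234, 0x8180, 1, len(addrs), 0, 0) + q + struct.pack("!HH", 1, 1)
    for a in addrs:
        msg += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + bytes(a)
    return msg
```

Any domain that is not on the list and answers with a short TTL still trips the check, so the false-positive rate depends entirely on how complete the allowlist is.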