[Emerging-Sigs] 2013075 Large DNS query and youtube.com

Lay, James james.lay at wincofoods.com
Mon Oct 31 11:19:40 EST 2011


> -----Original Message-----
> From: emerging-sigs-bounces at emergingthreats.net [mailto:emerging-sigs-
> bounces at emergingthreats.net] On Behalf Of Dewhirst, Rob
> Sent: Monday, October 31, 2011 10:03 AM
> To: emerging-sigs at emergingthreats.net
> Subject: [Emerging-Sigs] 2013075 Large DNS query and youtube,com
> 
> I could use some help interpreting what is going on here.
> 
> ET CURRENT_EVENTS Large DNS Query possible covert channel
>

FWIW I nuked this rule the day it came out...spamfilter sends out fattie
DNS packets for RBL's.

James
 


More information about the Emerging-sigs mailing list