[Emerging-Sigs] Rule 2016016

Jørgen Bøhnsdalen jurg at jurg.no
Fri Dec 21 12:43:17 HAST 2012


On 12/21/2012 05:43 PM, Nathan wrote:
> On 12/21/2012 09:30 AM, James Lay wrote:
>> Could we possible make $DNS_SERVERS?
> 
> Well, these guys are crawling up and down RIR allocations, I'd rather seen them
> and block them up and down my /19 before I hope/pray I made $DNS_SERVERS exactly
> correct and comprehensive.

+1, we're mainly seing these against non-DNS-servers, and even if their efforts are futile I'd still like to be aware of them. I suggest suppressing the rules against non-DNS-servers or duplicating and modify to fit your need locally.

- Jørgen

> 
> Cheers,
> Nathan
> _______________________________________________
> Emerging-sigs mailing list
> Emerging-sigs at lists.emergingthreats.net
> http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
> 
> Support Emerging Threats! Subscribe to Emerging Threats Pro http://www.emergingthreatspro.com
> The ONLY place to get complete premium rulesets for Snort 2.4.0 through Current!
> 


-- 
Jørgen Bøhnsdalen
Security Analyst
http://no.linkedin.com/in/jorgenbohnsdalen


More information about the Emerging-sigs mailing list