[Emerging-Sigs] Question on SID 2014701

Jason Williams jwilliams at emergingthreats.net
Mon Apr 6 11:46:02 HDT 2020


Hey Leonard,

We see this hit on various IPs out in the wild, but it doesn't appear to
always indicate maliciousness. I would treat this as more of an
INFO/HUNTING level signature that could be useful in the context of other
traffic.

If you have things you would would like tuned out, we can definitely look
into that, just shoot us a pcap or a screenshot or something.

Thanks!

On Mon, Apr 6, 2020 at 1:35 PM Leonard Jacobs <ljacobs at netsecuris.com>
wrote:

> We think we are seeing this signature fired because of the use of OpenDNS.
>
> Is this signature still a valid signature to be used?
>
> Thanks.
>
> Leonard
> _______________________________________________
> Emerging-sigs mailing list
> Emerging-sigs at lists.emergingthreats.net
> https://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
>
> Support Emerging Threats! Subscribe to Emerging Threats Pro
> http://www.emergingthreats.net
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.emergingthreats.net/pipermail/emerging-sigs/attachments/20200406/a207d6cd/attachment.html>


More information about the Emerging-sigs mailing list