Snort mailing list archives

Re: deny default outbound (was Reverse shell)


From: Bennett Todd <bet () rahul net>
Date: Mon, 25 Mar 2013 13:02:47 -0400

2013-03-25T12:44 scastle () bouldercounty org:
> Funny how some workstation suddenly using DNS or SMTP directly to the
> outside is such a red flag...;)

Indeed!

It says something that the provided infrastructure for such protocols has
worked so well, and been so available, that unplanned apps using them are
sometimes, perhaps even often, tunneling illicit traffic, or trying to
break legitimate uses.

Spam had been a DoS attack ever since it was popularized by the reaction to
the green card lawyers, and DNS's lack of security has been popular for
amplification attacks, cache poisoning, and remote network mapping.
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org

