Snort mailing list archives
Question about SO Rule 3:21355
From: Jeremy Hoel <jthoel () gmail com>
Date: Wed, 4 Sep 2013 22:46:13 +0000
We started seeing this today from some of our DC's when doing lookups to various nytimes.com sites The MS Bulletin references issues with Exchange and SMTP and the CVE references the DNS lookup in the smtpsvc.dll in regards to dns caching poisoning. We are only seeing these for responses from the NYT DNS servers, which is also odd, not the original request going outboung which makes me wonder how/what in the response would trigger this? And finally.. if the servers are patched with MS10-024, then the could something else be causing the FP? Being a SO rule, I don't have much to go on. ------------------------------------------------------------------------------ Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more! Discover the easy way to master current and previous Microsoft technologies and advance your career. Get an incredible 1,500+ hours of step-by-step tutorial videos with LearnDevNow. Subscribe today and save! http://pubads.g.doubleclick.net/gampad/clk?id=58041391&iu=/4140/ostg.clktrk _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Question about SO Rule 3:21355 Jeremy Hoel (Sep 04)
- Re: Question about SO Rule 3:21355 Patrick Mullen (Sep 05)
- Re: Question about SO Rule 3:21355 Jeremy Hoel (Sep 05)
- Re: Question about SO Rule 3:21355 Joel Esler (Sep 05)
- Re: Question about SO Rule 3:21355 Jeremy Hoel (Sep 13)
- Re: Question about SO Rule 3:21355 Jeremy Hoel (Sep 06)
- Re: Question about SO Rule 3:21355 Joel Esler (Sep 06)
- Re: Question about SO Rule 3:21355 Jeremy Hoel (Sep 05)
- Re: Question about SO Rule 3:21355 Patrick Mullen (Sep 05)