Question about SO Rule 3:21355

[Jeremy Hoel <jthoel () gmail com>]

We started seeing this today from some of our DC's when doing lookups
to various nytimes.com sites  The MS Bulletin references issues with
Exchange and SMTP and the CVE references the DNS lookup in the
smtpsvc.dll in regards to dns caching poisoning.

We are only seeing these for responses from the NYT DNS servers, which
is also odd, not the original request going outboung which makes me
wonder how/what in  the response would trigger this?

And finally.. if the servers are patched with MS10-024, then the could
something else be causing the FP?

Being a SO rule, I don't have much to go on.

------------------------------------------------------------------------------
Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more!
Discover the easy way to master current and previous Microsoft technologies
and advance your career. Get an incredible 1,500+ hours of step-by-step
tutorial videos with LearnDevNow. Subscribe today and save!
http://pubads.g.doubleclick.net/gampad/clk?id=58041391&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!