Snort mailing list archives
Re: Query regarding rule Sid 1-31705
From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Mon, 23 Nov 2015 17:23:19 +0000
All the docs for almost all rules are listed on Snort.org if you search for the sid: https://snort.org/rule_docs/1-31705

However, that rule is pretty simple; it looks for a DNS lookup to mytransitguide.com, which is the domain used by the adware.

--
Joel Esler
Manager, Talos Group

On Nov 23, 2015, at 8:18 AM, Raghunath Kulkarni (raghukul) <raghukul () cisco com> wrote:

Hi Team,

This is in regards to the rule: Sid 1-31705. I was reading through the list of domains that are present under the rule as mentioned in additional references. However, I would like to know if there is a possibility to update the detailed information section, because when we download the rule in snort, we do not have the option to view the documentation associated with it.

Let me know your thoughts on the same.

Raghu Kulkarni
Technical Services Engineer - Security

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org

Please visit http://blog.snort.org for the latest news about Snort!
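As an added illustration of the check described in the reply above (not the text of SID 1-31705 and not code from Talos or the Snort project): a DNS question carries the name as length-prefixed labels, so a detector has to decode the labels before comparing them with the domain. Matching subdomains and ignoring case are assumptions of this sketch, and `build_query` only constructs sample input.

```python
import struct

WATCHED = "mytransitguide.com"  # domain named in the thread


def build_query(name, txid=0x1234):
    """Construct a minimal DNS A query (sample input, not captured traffic)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def parse_qname(payload):
    """Return the first question name of a DNS query, lower-cased, or None."""
    if len(payload) < 12:
        return None
    flags, qdcount = struct.unpack("!HH", payload[2:6])
    if flags & 0x8000 or qdcount < 1:  # QR bit set means response, not a lookup
        return None
    labels, pos = [], 12
    while True:
        if pos >= len(payload):
            return None  # ran off the end before the root label
        n = payload[pos]
        if n == 0:
            break
        if n & 0xC0:  # compression pointer or reserved bits: not valid here
            return None
        label = payload[pos + 1:pos + 1 + n]
        if len(label) != n:
            return None  # truncated label
        labels.append(label.decode("ascii", "replace").lower())
        pos += 1 + n
    return ".".join(labels)


def is_lookup_for(payload, domain=WATCHED):
    """True when the query asks for the domain itself or a name beneath it."""
    name = parse_qname(payload)
    return name is not None and (name == domain or name.endswith("." + domain))
```

Comparing whole labels rather than a raw substring keeps names such as `notmytransitguide.com` or `mytransitguide.com.example.org` from matching.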