Hi!
That is, 0/64 detections, but
Crowdsourced IDS Rules:
Matches rule MALWARE-CNC DNS Fast Flux attempt from Snort registered user ruleset
trojan-activity
Unique rule identifier: 1:57756:
alert udp $EXTERNAL_NET 53 -> $HOME_NET any ( msg:"MALWARE-CNC DNS Fast Flux attempt"; flow:to_client; content:"|00 01|",depth 2,offset 4; byte_test:2,>,1,0,relative; byte_test:1,=,1,2,bitmask 0x80; content:"|00 01 00 01|",distance 6; content:"|00 01 00 01 00 00 00 05|",distance 0; metadata:policy max-detect-ips drop; service:dns; reference:url,attack.mitre.org/techniques/T1568/001/; classtype:trojan-activity; sid:57756; rev:2; )
and
Matches rule PROTOCOL-DNS SPOOF query response with TTL of 1 min. and no authority from Snort registered user ruleset
alert udp $EXTERNAL_NET 53 -> $HOME_NET any ( msg:"PROTOCOL-DNS SPOOF query response with TTL of 1 min. and no authority"; flow:to_client; content:"|81 80|",depth 4,offset 2,fast_pattern; byte_test:2,>,0,0,relative,big; byte_test:2,>,0,2,relative,big; content:"|00 00 00 00|",within 4,distance 4; content:"|C0 0C 00 01 00 01|",distance 0; byte_test:4,<,61,0,relative,big; byte_test:4,>,0,0,relative,big; metadata:policy max-detect-ips drop,ruleset community; service:dns; classtype:bad-unknown; sid:254; rev:16; )
What do these two mean?
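To make the two quoted Snort rules concrete, here is an added example (not part of the post, and not Snort's own code) that decodes a DNS response header and answer section the same way the rules do and reports which rule conditions hold. Read from the rule bodies: sid 57756 fires on a response with exactly one question, more than one answer record, an A/IN question and an A record whose TTL is exactly 5 seconds, the pattern of a fast-flux name that rotates many addresses very quickly. sid 254 fires on a reply with flags 0x8180, at least one question and answer, NSCOUNT and ARCOUNT both zero (no authority or additional records) and an A record with a TTL between 1 and 60 seconds, which is what a forged reply often looks like, although CDNs and load balancers legitimately hand out short TTLs too, so both rules are heuristics rather than verdicts. The packets below are constructed test data; the names and helper functions are my own.

```python
"""Constructed example: evaluate the conditions of Snort sid 57756 (DNS fast
flux) and sid 254 (low-TTL reply with no authority) over an in-memory DNS
response.  Nothing here touches the network; packets are built inline."""
import struct

A_RECORD, CLASS_IN = 1, 1


def build_response(qname, ttl, answers, flags=0x8180, ns_count=0, ar_count=0):
    """Build a minimal DNS response (constructed data).  answers is a list of
    IPv4 strings; each becomes an A record named via the 0xC00C pointer to the
    question, exactly the byte pattern sid 254 looks for.  ns_count/ar_count
    only set the header counters, which is all the rules inspect."""
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, len(answers), ns_count, ar_count)
    question = b"".join(bytes([len(l)]) + l.encode() for l in qname.split(".")) + b"\x00"
    question += struct.pack("!HH", A_RECORD, CLASS_IN)
    rrs = b""
    for ip in answers:
        rdata = bytes(int(o) for o in ip.split("."))
        rrs += b"\xc0\x0c" + struct.pack("!HHIH", A_RECORD, CLASS_IN, ttl, 4) + rdata
    return header + question + rrs


def parse_response(pkt):
    """Decode header, first question and all answer RRs.  Each answer is
    (name_is_pointer_to_question, type, class, ttl, rdata)."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", pkt[:12])
    pos = 12
    while pkt[pos] != 0:            # skip question name labels
        pos += pkt[pos] + 1
    pos += 1
    qtype, qclass = struct.unpack("!HH", pkt[pos:pos + 4])
    pos += 4
    answers = []
    for _ in range(an):
        ptr_to_question = pkt[pos:pos + 2] == b"\xc0\x0c"
        if pkt[pos] & 0xC0 == 0xC0:     # compression pointer, 2 bytes
            pos += 2
        else:                           # uncompressed name
            while pkt[pos] != 0:
                pos += pkt[pos] + 1
            pos += 1
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", pkt[pos:pos + 10])
        pos += 10
        answers.append((ptr_to_question, rtype, rclass, ttl, pkt[pos:pos + rdlen]))
        pos += rdlen
    return {"flags": flags, "qd": qd, "an": an, "ns": ns, "ar": ar,
            "qtype": qtype, "qclass": qclass, "answers": answers}


def matches_fast_flux(pkt):
    """Mirrors sid 57756: QDCOUNT == 1, ANCOUNT > 1, A/IN question and an A/IN
    answer with TTL exactly 5 s.  (The rule's extra bitmask byte_test on the
    header is not reproduced.)"""
    r = parse_response(pkt)
    return (r["qd"] == 1 and r["an"] > 1
            and (r["qtype"], r["qclass"]) == (A_RECORD, CLASS_IN)
            and any(t == A_RECORD and c == CLASS_IN and ttl == 5
                    for _, t, c, ttl, _ in r["answers"]))


def matches_spoof_low_ttl(pkt):
    """Mirrors sid 254: flags 0x8180, QDCOUNT > 0, ANCOUNT > 0, NSCOUNT == 0,
    ARCOUNT == 0, and an A/IN answer named by pointer to the question whose TTL
    satisfies 0 < TTL < 61."""
    r = parse_response(pkt)
    if r["flags"] != 0x8180 or r["qd"] == 0 or r["an"] == 0 or r["ns"] != 0 or r["ar"] != 0:
        return False
    return any(ptr and t == A_RECORD and c == CLASS_IN and 0 < ttl < 61
               for ptr, t, c, ttl, _ in r["answers"])


def rule_hits(pkt):
    """Names of the quoted rules whose conditions the packet satisfies."""
    hits = []
    if matches_fast_flux(pkt):
        hits.append("MALWARE-CNC DNS Fast Flux attempt (sid 57756)")
    if matches_spoof_low_ttl(pkt):
        hits.append("PROTOCOL-DNS SPOOF query response with TTL of 1 min. and no authority (sid 254)")
    return hits


if __name__ == "__main__":
    # Three A records with a 5-second TTL and no authority section: trips both rules.
    print(rule_hits(build_response("example.test", 5, ["192.0.2.1", "192.0.2.2", "192.0.2.3"])))
    # One record, TTL 30 s, but authority records present: trips neither.
    print(rule_hits(build_response("example.test", 30, ["192.0.2.1"], ns_count=2)))
    # One record, one-hour TTL: a typical benign reply, trips neither.
    print(rule_hits(build_response("example.test", 3600, ["192.0.2.1"])))
```

The sample that trips both rules also shows why VirusTotal can report 0/64 antivirus detections alongside IDS matches: the rules look only at the shape of the DNS reply (record count, TTL, empty authority section), not at any file or domain reputation, so a short-TTL answer from a perfectly ordinary service can produce the same hits.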