[Oisf-users] What does this message mean?
James Moe
jimoe at sohnen-moe.com
Mon Jun 29 22:20:41 UTC 2015
On 06/29/2015 11:01 AM, Andreas Moe wrote:
> Firstly the rule itself in the suricata rules folder (as defined in
> the suricata config) will show what this rule will trigger on.
>
alert dns any any -> any any (msg:"SURICATA DNS Unsollicited response"; flow:to_client; app-layer-event:dns.unsollicited_response; sid:2240001; rev:1;)
The rule says the same thing as the comment (also misspelled). No
further info here.
The docs say much the same as your post: "Look at the rule; it is so
informative."
> Comments are usually provided [...]
>
Not in this case. Or most other rules that I have read.
My questions are:
- How is this a problem?
- What kind of attack or intrusion is implied by a (seemingly)
spurious response?
--
James Moe
moe dot james at sohnen-moe dot com
520.743.3936