[Oisf-users] What is this rule telling me?

James Moe jimoe at sohnen-moe.com
Sat Dec 9 19:52:17 UTC 2017

suricata 4.0.1
linux 4.4.92-31-default x86_64

  I have been seeing these in the logs recently:

12/09/2017-08:41:47.525192  [**] [1:2013743:4] ET INFO DYNAMIC_DNS Query to a Suspicious no-ip Domain [**] [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} ->

  Oddly this was not logged in <alert-debug.log>.

  Is <> considered bad?

INFO DYNAMIC_DNS Query to a Suspicious no-ip
Domain","category":"Potentially Bad

James Moe
moe dot james at sohnen-moe dot com
