[Oisf-users] rule for dnscat?

Jack Mott jmott at emergingthreats.net
Tue Mar 13 13:41:20 UTC 2018


Hi,

The Emerging Threats PRO ruleset [1] contains several sigs for detecting
DNSCat tunneling.

[1] https://www.proofpoint.com/us/threat-insight/et-pro-ruleset

Best,

Jack

On Mon, Mar 12, 2018 at 12:05 AM, Blason R <blason16 at gmail.com> wrote:

> Hi there,
>
> Is anyone aware if any rule is available to detect or block the DNScat
> tool? Can someone please point me?