[Oisf-users] rule for dnscat?

Blason R blason16 at gmail.com
Tue Mar 13 14:49:44 UTC 2018


I see thanks for the update. That is commercial one looking for Free one.

On Tue, Mar 13, 2018 at 7:11 PM, Jack Mott <jmott at emergingthreats.net>
wrote:

> Hi,
>
> The Emerging Threats PRO ruleset [1] contains several sigs for detecting
> DNSCat tunneling.
>
> [1] https://www.proofpoint.com/us/threat-insight/et-pro-ruleset
>
> Best,
>
> Jack
>
> On Mon, Mar 12, 2018 at 12:05 AM, Blason R <blason16 at gmail.com> wrote:
>
>> Hi there,
>>
>> Is anyone aware if any rule available to detect or block DNScat tool? Can
>> someone please point me?
>>
>> _______________________________________________
>> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
>> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
>> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>>
>> Conference: https://suricon.net
>> Trainings: https://suricata-ids.org/training/
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20180313/a1270206/attachment-0002.html>


More information about the Oisf-users mailing list