[Oisf-users] ET TROJAN DNS Reply Sinkhole - Anubis - 195.22.26.192/26

Jordon Carpenter jordon.carpenter at rooksecurity.com
Tue Jan 15 15:11:43 UTC 2019


Team,

This signature:

ET TROJAN DNS Reply Sinkhole - Anubis - 195.22.26.192/26

is generating a ton of alerts from a BYOD network that I do not care
about at this time. Is there any way we can pass traffic related to a BYOD
network even though this signature is identifying the source as a DNS
server (which I do not want to suppress)?


Thanks,
Jordon Carpenter
Rook Security <https://www.rooksecurity.com/>
*Anticipate, Manage, & Eliminate Threats*

O: 888.712.9531 x734
E: jordon.carpenter at rooksecurity.com
