Home page logo
/

snort logo Snort mailing list archives

Re: External DNS 127.0.0.1 response
From: "lists () packetmail net" <lists () packetmail net>
Date: Sun, 21 Apr 2013 09:01:00 -0500

On 04/20/2013 09:43 AM, James Lay wrote:
Yea so this rule is a semi bust due to exactly where you hit it Nathan…RBL and SBL lookups will FP on this.  That 
being said however this rule might be helpful in organizations that don't host their own mail server

Yeah, I agree, good rule and good idea, thanks as always James for your ideas
and sigs.  I was trying to think of a way to negate SMTP_SERVERS but since this
relies on DNS it's going to hit the recursive forwarders at some point in a
network and trigger.

Cheers,
Nathan

------------------------------------------------------------------------------
Precog is a next-generation analytics platform capable of advanced
analytics on semi-structured data. The platform includes APIs for building
apps and a phenomenal toolset for data science. Developers can use
our toolset for easy data analysis & visualization. Get a free account!
http://www2.precog.com/precogplatform/slashdotnewsletter
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]