Snort mailing list archives

PROTOCOL-DNS Malformed DNS query with HTTP content. What's the angle?


From: "Moore, Jim" <jmoore () thebank com>
Date: Wed, 23 Apr 2014 13:39:39 +0000

Last night we had a whole series of these probes.  The packets were
addressed to UDP port 53 but contained nothing but HTTP headers, like
so:

GET / HTTP/1.1
Host: www

It's not clear to me what the prober is trying to accomplish.  The alert
triggered has no documentation, refers only to RFC 2616 (HTTP 1.1), and
I haven't found anything elsewhere about this type of probe either.
Anybody have any ideas?

Thanks!
Jim Moore


-- 
James J. Moore, Network Administrator
NexTier Bank
245 Pittsburgh Road
Butler, PA  16001
jmoore () thebank com
Phone: 724-214-6205
Cell:  724-355-6718

This message and any attachments are intended for the sole use
of the addressee and may contain information that is privileged 
and confidential.  If the reader of the message is not the intended
recipient or an authorized representative of the intended recipient,
you are hereby notified that any dissemination of this communication
is strictly prohibited.  If you have received this communication in error,
notify the sender immediately by return email and delete the message
and any attachments from your system.
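An added triage example, not code from the poster or from the Snort project: given the raw UDP payload of a packet sent to port 53 (assumed already extracted, e.g. from a pcap), it tries to parse the payload as a single-question DNS query and, when that fails, checks whether the bytes instead begin with an HTTP request line. The HTTP sample is reconstructed from the body of the post above (CRLF line endings are an assumption), and the DNS sample query is constructed inline; nothing here is captured traffic.

```python
import struct

# Constructed sample payloads (not captures from the poster's network).
# The HTTP one mirrors the text quoted in the post; CRLF endings are assumed.
HTTP_ON_53 = b"GET / HTTP/1.1\r\nHost: www\r\n\r\n"

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"OPTIONS ", b"DELETE ")


def build_dns_query(name: str, txid: int = 0x1234) -> bytes:
    """Build a minimal standard DNS query (QTYPE=A, QCLASS=IN) for `name`."""
    # Header: ID, flags (RD set), QDCOUNT=1, ANCOUNT=0, NSCOUNT=0, ARCOUNT=0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)


def parse_dns_question(payload: bytes):
    """Return (txid, qname, qtype, qclass) if `payload` is a well-formed
    single-question DNS query, otherwise None."""
    if len(payload) < 12:
        return None
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", payload[:12])
    if flags & 0x8000:                 # QR bit set: a response, not a query
        return None
    if qd != 1 or an != 0 or ns != 0:  # a query carries one question, no answers
        return None                    # (ARCOUNT may be 1 for EDNS, so not checked)
    pos = 12
    labels = []
    while True:
        if pos >= len(payload):
            return None                # name runs off the end of the packet
        length = payload[pos]
        pos += 1
        if length == 0:
            break                      # root label terminates the name
        if length & 0xC0:
            return None                # compression pointer: not expected in a query name
        if length > 63 or pos + length > len(payload):
            return None
        label = payload[pos:pos + length]
        # Triage simplification: insist on printable ASCII labels. Real DNS allows
        # arbitrary octets, so a stricter deployment would relax this.
        if not all(32 <= b < 127 for b in label):
            return None
        labels.append(label.decode("ascii"))
        pos += length
    if pos + 4 > len(payload):
        return None
    qtype, qclass = struct.unpack("!HH", payload[pos:pos + 4])
    return txid, ".".join(labels), qtype, qclass


def classify_udp53_payload(payload: bytes) -> str:
    """Triage label for a UDP/53 payload:
    'dns-query' (parses as DNS), 'http-in-dns' (starts like an HTTP message),
    or 'malformed' (neither)."""
    if parse_dns_question(payload) is not None:
        return "dns-query"
    upper = payload.upper()
    if upper.startswith(HTTP_METHODS) or upper.startswith(b"HTTP/"):
        return "http-in-dns"
    return "malformed"


if __name__ == "__main__":
    for label, sample in (("post sample", HTTP_ON_53),
                          ("constructed query", build_dns_query("www.example.com"))):
        print(f"{label}: {classify_udp53_payload(sample)}")
```

The first 12 bytes of the quoted HTTP payload ("GET / HTTP/1") decode as a DNS header with a QDCOUNT of 0x2F20, so the strict parse rejects it before the HTTP check ever runs; that is the point of parsing rather than just grepping for "GET", since a legitimate query name could also contain that string.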

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

