Snort mailing list archives

Help with SID 3:19187:7


From: "Moises Aaron Venegas Mora" <mvenegas () censystems com mx>
Date: Sun, 23 May 2021 01:47:35 +0000

Hello team.
I was wondering if you could help us with a SID, "PROTOCOL-DNS TMG Firewall Client long host entry exploit attempt 
(3:19187:7)", which has generated approx. 165k hits since we upgraded the Snort rules to 2021-05-20-001-vrt. Before we 
upgraded the rules, we had around 33 hits. We were blocking from our DNS Server to our Master DNS Server, but now we 
are blocking from our DNS Server to different destinations, some of them AWS, ESET Server, Azure, and Google Cloud, and 
they are affecting the production environment. We want to know if there were some modifications in the most recent 
rules that are impacting us.
Regards.

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs
