Emerging Threats SNORT [Was: Re: Exploit for DNS Cache Poisoning - REL EASED]

• From: Paul Ferguson
• Date: Thu Jul 24 00:28:10 2008

• List-archive: <http://mailman.nanog.org/pipermail/nanog>
• List-help: <mailto:[email protected]?subject=help>
• List-id: North American Network Operators Group <nanog.nanog.org>
• List-post: <mailto:[email protected]>
• List-subscribe: <http://mailman.nanog.org/mailman/listinfo/nanog>, <mailto:[email protected]?subject=subscribe>
• List-unsubscribe: <http://mailman.nanog.org/mailman/listinfo/nanog>, <mailto:[email protected]?subject=unsubscribe>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -- "Paul Ferguson" <[email protected]> wrote:

>-- Jared Mauch <[email protected]> wrote:
>
>>If your nameservers have not been upgraded or you did
>>not enable the proper flags, eg: dnssec-enable and/or dnssec-validation
>>as applicable, I hope you will take another look.
>
>Let's hope some very large service providers get their act together
>real soon now.
>
>http://www.hackerfactor.com/blog/index.php?/archives/204-Poor-DNS.html

Sorry to respond to my own post, but I thought this might be of
interest to the list.

Matt Jonkman, over at Emerging Threats (previously known as Bleeding
Threats) has a 'prototype' SNORT sig for these attacks -- try it
out and provide feedback, if you are so inclined.

http://www.emergingthreats.net/content/view/87/9/

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.3 (Build 3017)

wj8DBQFIiASRq1pz9mNUZTMRAmjnAKDYOmtUbm+er2OBUfjxcGdNWggOlgCfYbkn
V8pibFdRpbHul2PrZu0oBg0=
=QPWh
-----END PGP SIGNATURE-----


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/

• Prev by Date: Re: Exploit for DNS Cache Poisoning - RELEASED
• Next by Date: Re: XO contact
• Date Index
• Thread Index
• Author Index
• Historical