Friday, March 14, 2014

Logging DNS Requests

When inspecting DNS traffic, it can be useful to log the domain names queried in each DNS request. You can accomplish this with a custom IPS signature:

IPS Custom Signature: F-SBID( --attack_id 4153; --name DOM-ALL; --protocol udp; --service dns; --log DNS_QUERY;)

The signature below lets you detect and block DNS lookups for a specified domain, in this example xyz.com:

set signature F-SBID( --name xyz.com; --protocol udp; --service dns; --pattern xyz.com; --context host; --no_case; --default_action drop;)
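To make the matching behaviour of the two signatures concrete, here is an added Python illustration (not FortiOS code and not part of the original post) that parses the F-SBID option strings and simulates a host-context match against constructed DNS query names; the substring, case-insensitive-with-no_case semantics of --pattern are an assumption.

```python
"""Parse FortiGate-style F-SBID custom signatures and simulate their
host-context match against DNS query names.  Added illustration only;
the matching semantics (substring, case-folded when --no_case is set)
are assumed, not taken from FortiOS documentation."""
import re

# Constructed input: the two signatures from the post.
SIGNATURES = [
    "F-SBID( --attack_id 4153; --name DOM-ALL; --protocol udp; --service dns; --log DNS_QUERY;)",
    "F-SBID( --name xyz.com; --protocol udp; --service dns; --pattern xyz.com;"
    " --context host; --no_case; --default_action drop;)",
]


def parse_fsbid(sig):
    """Return the option dict of an F-SBID(...) string; valueless options map to True."""
    m = re.fullmatch(r"\s*F-SBID\(\s*(.*?)\s*\)\s*", sig)
    if not m:
        raise ValueError("not an F-SBID signature: %r" % sig)
    opts = {}
    for item in m.group(1).split(";"):
        item = item.strip()
        if not item:
            continue
        if not item.startswith("--"):
            raise ValueError("bad option: %r" % item)
        key, _, val = item[2:].partition(" ")
        opts[key] = val.strip() if val else True
    return opts


def evaluate(qname, signatures):
    """Return [(name, action)] for each signature that fires on qname.
    A signature without --pattern matches every query, which is what makes
    DOM-ALL log all lookups.  Only --context host is modelled here."""
    hits = []
    for opts in map(parse_fsbid, signatures):
        pat = opts.get("pattern")
        if pat is not None:
            if opts.get("context") != "host":
                continue  # other contexts are out of scope for this illustration
            hay, needle = (qname.lower(), pat.lower()) if opts.get("no_case") else (qname, pat)
            if needle not in hay:  # assumed substring match
                continue
        action = opts.get("default_action", "log" if "log" in opts else "pass")
        hits.append((opts["name"], action))
    return hits
```

Because the pattern is an unanchored substring, it also fires on names that merely contain it, such as notxyz.com, so test the drop signature against a few benign lookups before enabling it.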

(Thanks, C.R)
