
List:       snort-sigs
Subject:    Re: [Snort-sigs] deny default outbound (was Reverse shell)
From:       Bennett Todd <bet () rahul ! net>
Date:       2013-03-25 17:02:47
Message-ID: CAA9gXs909VugpcsSG7Gv=gQvj-N6_xqMF714impm=hSrXXGp_A () mail ! gmail ! com



2013-03-25T12:44 scastle@bouldercounty.org:
> Funny how some workstation suddenly using DNS or SMTP directly to the
> outside is such a red flag...;)

Indeed!

It says something that the provided infrastructure for such protocols has
worked so well, and been so available, that unplanned apps using them are
sometimes, perhaps even often, tunneling illicit traffic, or trying to
break legitimate uses.

Spam had been a DoS attack ever since it was popularized by the reaction to
the green card lawyers, and DNS's lack of security has been popular for
amplification attacks, cache poisoning, and remote network mapping.


_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org