MALWARE-OTHER dns request with long host name segment
I have Snort monitoring the camera interface, and it is giving this alert. Is it safe to pass this rule?
Attempted Information Leak -> IP Camera -> 8.8.8.8 -> 53 udp MALWARE-OTHER dns request with long host name segment - possible data exfiltration attempt
snort org /rule_docs/3-30881
Rule Category
MALWARE-OTHER --
Alert Message
MALWARE-OTHER dns request with long host name segment - possible data exfiltration attempt
Rule Explanation
This event is generated when a crafted DNS query is sent to cause a denial-of-service issue in DNSMasq.
Impact: Attempted Denial of Service
Details:
Ease of Attack:
What To Look For
This rule detects a specially crafted DNS request that can crash DNSMasq.
Best regards,
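
A triage aid for this alert, added here as an example (not part of the original post and not Snort's rule logic): it parses the question name out of a raw DNS query payload, such as one exported from a capture of the camera's traffic, and reports the longest label so the hostname that fired the alert can be judged. The `LONG_LABEL` threshold, the function names and the sample hostnames are assumptions; the page does not state the length the rule keys on.

```python
import struct

# Assumed triage threshold; the page does not give the length the Snort rule uses.
LONG_LABEL = 40

def qname_labels(payload: bytes) -> list[bytes]:
    """Return the labels of the first question in a raw DNS message (UDP payload)."""
    if len(payload) < 12:
        raise ValueError("shorter than a DNS header")
    qdcount = struct.unpack("!H", payload[4:6])[0]
    if qdcount < 1:
        raise ValueError("no question section")
    labels, pos = [], 12  # the question section starts right after the 12-byte header
    while True:
        if pos >= len(payload):
            raise ValueError("truncated QNAME")
        length = payload[pos]
        if length == 0:  # root label terminates the name
            return labels
        if length & 0xC0:
            # Top bits set means a compression pointer or reserved label type,
            # neither of which is expected in a query's question name.
            raise ValueError("pointer or reserved label type in QNAME")
        label = payload[pos + 1 : pos + 1 + length]
        if len(label) != length:
            raise ValueError("truncated label")
        labels.append(label)
        pos += 1 + length

def triage(payload: bytes, threshold: int = LONG_LABEL) -> dict:
    """Summarise the queried name and whether any label reaches the threshold."""
    labels = qname_labels(payload)
    longest = max(labels, key=len, default=b"")
    return {
        "qname": b".".join(labels).decode("ascii", "replace"),
        "longest_label_len": len(longest),
        "long_label": len(longest) >= threshold,
    }

def build_query(name: str) -> bytes:
    """Build a minimal A query (constructed sample input, not captured traffic)."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)

if __name__ == "__main__":
    for name in ("time.example.com", "a" * 52 + ".p2p.example.com"):
        print(triage(build_query(name)))
```

Feeding it the payload of the packet that triggered the alert shows the exact name the camera asked for, which is the fact needed before deciding to pass or keep the rule.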