Business Community > All Threads > MALWARE-OTHER dns request with long host name segment
< All Threads

MALWARE-OTHER dns request with long host name segment

MALWARE-OTHER dns request with long host name segment

MALWARE-OTHER dns request with long host name segment
MALWARE-OTHER dns request with long host name segment
2024-06-05 10:47:05
Tags: #Security Manager #Network Connectivity
Model: VIGI C240I  
Hardware Version: V1
Firmware Version: 2.0.0 Build 231122 Rel.36207n

 

I have snort monitoring the camera interface and giving this alert. Is it safe to pass this rule?

 

Attempted Information Leak -> IP Camera -> 8.8.8.8 -> 53 udp MALWARE-OTHER dns request with long host name segment - possible data exfiltration attempt

 

snort org /rule_docs/3-30881

 

Rule Category

MALWARE-OTHER --

Alert Message

MALWARE-OTHER dns request with long host name segment - possible data exfiltration attempt

Rule Explanation

This event is generated when a crafted DNS query is sent to cause a denial-of-service issue in DNSMasq. Impact: Attempted Denial of Service Details: Ease of Attack:

What To Look For

This rule detects a specially crafted DNS request that can crash DNSMasq.

 

 

Best regards,

 

  0      
 
  0      
 
#1
Options

Information

Helpful: 0

Views: 266

Replies: 0

Tags

Security Manager Network Connectivity
Related Articles
No-IP DNS name too long.
1019 0
Using the DNS name
316 0
Can not change Name of VLAN 1 - name too long
1947 0
400 bad request on http admin page when using DNS resolved name
377 0
Opening a host by domain name
348 0
SUGGESTION+ REQUEST : Allow usage of HOST NAME & IP for the OPTION138 into Routers & Switches
1226 0
About Us
Press
Copyright © TP-Link Systems Inc. All rights reserved.