MALWARE-OTHER dns request with long host name segment

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2024-06-05 10:47:05
Model: VIGI C240I
Hardware Version: V1
Firmware Version: 2.0.0 Build 231122 Rel.36207n

I have Snort monitoring the camera interface and giving this alert. Is it safe to pass this rule?

Attempted Information Leak -> IP Camera -> 8.8.8.8 -> 53 udp MALWARE-OTHER dns request with long host name segment - possible data exfiltration attempt

snort.org/rule_docs/3-30881

Rule Category

MALWARE-OTHER --

Alert Message

MALWARE-OTHER dns request with long host name segment - possible data exfiltration attempt

Rule Explanation

This event is generated when a crafted DNS query is sent to cause a denial-of-service issue in DNSMasq.
Impact: Attempted Denial of Service
Details:
Ease of Attack:

What To Look For

This rule detects a specially crafted DNS request that can crash DNSMasq.

Best regards,
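To triage an alert like the one in this post, it helps to see which label of the queried name was long. The following is an added example, not part of the original post and not Snort's rule logic: a Python parser that walks the QNAME of a DNS query payload and lists labels above a threshold. The 40-byte threshold, the function names and the sample queries are assumptions; the page does not state the length rule 3-30881 matches on.

```python
import struct

# Assumed triage threshold; the page does not give the value the Snort rule uses.
LONG_LABEL = 40  # DNS itself caps a single label at 63 bytes


def qname_labels(payload: bytes) -> list[bytes]:
    """Return the labels of the first question in a DNS message (UDP payload)."""
    if len(payload) < 12:
        raise ValueError("shorter than a DNS header")
    if struct.unpack("!H", payload[4:6])[0] < 1:  # QDCOUNT
        raise ValueError("no question section")
    labels, pos = [], 12
    while True:
        if pos >= len(payload):
            raise ValueError("QNAME runs past end of packet")
        length = payload[pos]
        pos += 1
        if length == 0:  # root label terminates the name
            return labels
        if length & 0xC0:  # top bits set: pointer or reserved, not a plain label
            raise ValueError("compression pointer or reserved bits in QNAME")
        if pos + length > len(payload):
            raise ValueError("label runs past end of packet")
        labels.append(payload[pos:pos + length])
        pos += length


def long_labels(payload: bytes, limit: int = LONG_LABEL) -> list[tuple[int, str]]:
    """List (length, text) for every label longer than `limit` bytes."""
    return [(len(lab), lab.decode("ascii", "replace"))
            for lab in qname_labels(payload) if len(lab) > limit]


def build_query(name: str) -> bytes:
    """Constructed sample input: a minimal A-record query for `name`."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)


# Constructed names, not traffic from the camera in this thread.
ORDINARY = build_query("time.example.com")
SUSPECT = build_query("a" * 50 + ".example.com")

if __name__ == "__main__":
    for pkt in (ORDINARY, SUSPECT):
        print(qname_labels(pkt), long_labels(pkt))
```

Feed it the UDP payload of the query that triggered the alert (for example, exported from a packet capture on the camera interface) to see the name the camera actually asked for.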

 
