Whomever created this dns query blacklist alert didn't include documentation.
(1:41083) BLACKLIST suspicious .bit dns query
alert udp $HOME_NET any -> any 53 (msg:"BLACKLIST suspicious .bit dns query"; flow:to_server; byte_test:1,!&,0xF8,2; content:"|03|bit|00|"; fast_pattern:only; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, service dns; classtype:trojan-activity; sid:41083; rev:1; )
If I had to guess I think it's related to the .bit tld or something similar which stated.
Per the reddit The advantage to owning a .bit domain is that no government or third-party can have your DNS interrupted, it is truly a P2P DNS system with no possibility of censorship.
More about neonprimetime
Top Blogs of all-time
- pagerank botnet sql injection walk-thru
- DOM XSS 101 Walk-Through
- An Invoice email and a Hot mess of Java
Top Github Contributions
Copyright © 2016, this post cannot be reproduced or retransmitted in any form without reference to the original post.
Log auditing Regularly review DNS logs play nintendo switch games on pc for free for attempts to resolve .bit domains.
ReplyDelete