When inspecting DNS traffic it can be useful to log the domain names that are part of the DNS request. In order to accomplish this you can use a custom IPS signature:
IPS > Custom Signature:
F-SBID( --attack_id 4153; --name DOM-ALL; --protocol udp; --service dns; --log DNS_QUERY;)
The signature below allows you to search for and prevent DNS lookups for a specified domain, in this example xyz.com.
set signature F-SBID( --name xyz.com; --protocol udp; --service dns; --pattern xyz.com; --context host; --no_case; --default_action drop;)
(Thanks, C.R)
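To see what the two signatures above actually act on, here is an added Python example (not part of the original post, and not FortiGate code) that parses the question name, i.e. the "host" context, out of a raw DNS query and applies the same decision: log every query name, and drop when the pattern appears in the name, case-insensitively. The sample queries are constructed inline with a small builder; the pattern is assumed to match as a case-insensitive substring, which is why the check also catches names such as "notxyz.com", a side effect worth keeping in mind when a signature is written against a short pattern.

```python
import struct

# Constructed sample data: builds a minimal DNS query (12-byte header, one
# question, QTYPE A, QCLASS IN). This is a helper for the example, not a capture.
def build_dns_query(qname, txid=0x1234):
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, QDCOUNT=1
    labels = b"".join(bytes([len(lbl)]) + lbl.encode("ascii")
                      for lbl in qname.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)


def parse_qname(payload):
    """Return the first question name from a DNS message, or None if malformed."""
    if len(payload) < 12:
        return None
    qdcount = struct.unpack("!H", payload[4:6])[0]
    if qdcount == 0:
        return None
    pos = 12
    labels = []
    while True:
        if pos >= len(payload):
            return None  # truncated name
        length = payload[pos]
        pos += 1
        if length == 0:
            break  # root label terminates the name
        if length & 0xC0:
            return None  # compression pointers do not belong in a question name
        if pos + length > len(payload):
            return None
        labels.append(payload[pos:pos + length].decode("ascii", errors="replace"))
        pos += length
    return ".".join(labels)


def classify(payload, blocked_pattern="xyz.com"):
    """Emulate the two signatures: ("log", name) for any parsable query (the
    DOM-ALL / --log DNS_QUERY signature), ("drop", name) when the pattern occurs
    in the host context with --no_case semantics (assumed substring match),
    ("ignore", None) when no query name can be extracted."""
    qname = parse_qname(payload)
    if qname is None:
        return ("ignore", None)
    if blocked_pattern.lower() in qname.lower():
        return ("drop", qname)
    return ("log", qname)


if __name__ == "__main__":
    for name in ("www.XYZ.com", "example.net", "notxyz.com"):
        print(name, "->", classify(build_dns_query(name)))
```

Running the block prints one line per constructed query; the "notxyz.com" case shows the over-match that a bare `--pattern xyz.com` produces, so an operator who only wants the exact zone should anchor the pattern accordingly or review DNS_QUERY logs for unintended hits before switching the action to drop.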