PROTOCOL-DNS -- Snort alerted on a Domain Name Server (DNS) protocol issue. These packets travel over UDP on port 53 to serve DNS queries--user website requests through a browser. Several vulnerability use-cases exist (ie, additional data could be sent with a request, which would contact a DNS server pre-prepared to send information back and forth).
PROTOCOL-DNS SPOOF query response with TTL of 1 min. and no authority
This event is generated when a DNS spoof query response is detected. Impact: Potentially Bad Traffic Details: Ease of Attack:
This event is generated when a DNS spoof query response is detected.
No public information
No known false positives
Cisco Talos Intelligence Group
No rule groups
None
No information provided
None
Tactic: Initial Access
Technique: Spearphishing via Service
For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org