DNS.Invalid.OPcode
Description
This signature indicates an anomaly in the usage of the DNS protocol. It indicates detection of a Domain Name Service (DNS) message with invalid operation codes.
DNS is a system that translates between human-readable host or domain names (e.g. www.fortinet.com) and machine-understandable Internet Protocol addresses. If the value of operation code in the DNS message is not defined in relevant RFCs, the message is considered to be malformed.
Affected Products
Any unprotected DNS server may be vulnerable.
Impact
This is an anomaly, which may indicate potential attack attempts.
Recommended Actions
Monitor the traffic from that network for any suspicious activity.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |