[Bro] SMB2 module
dani.nicolo at gmail.com
Fri Mar 20 16:35:41 PDT 2015
2015-03-20 20:27 GMT+01:00 Seth Hall <seth at icir.org>:
> > On Mar 20, 2015, at 3:08 PM, Vlad Grigorescu <vlad at grigorescu.org>
> > Of course, the "better" solution would be to fix the system so that it
> > can do reverse DNS lookups (and TXT queries for detect-MHR) :-)
At line 35 of
script there's the function
that invokes DNS lookup, so I think definitely that the problem is in this
> Another option here is to force Bro into a mode where it fakes DNS
> responses internally. Unfortunately there isn’t a switch to enable this in
> scripts, but you can change the behavior with an environment variable:
> BRO_DNS_FAKE=1 bro -r somepackets.pcap
I've tried to run bro with BRO_DNS_FAKE=1 env but unfortunately it didn't
I've received the SIGSEGV signal; below you can see the gdb log:
Program received signal SIGSEGV, Segmentation fault.
0x000000000060a5d9 in SerializationFormat::WriteData (this=0x7ffff001b780,
b=b@entry=0x7fffff7ff03c, count=count@entry=2)
87 memcpy(output + output_pos, b, count);
(gdb) p output
$1 = 0x7fff51d14010 "\001"
As Vlad has suggested to me, I'm going to disable these scripts and I'll let
you know asap.
Thank you so much.