[Bro-Dev] #769: Detect non-caching recursive resolvers
Bro Tracker
bro at tracker.bro-ids.org
Wed Feb 15 19:06:38 PST 2012
#769: Detect non-caching recursive resolvers
------------------------------+------------------------
Reporter: seth | Owner: seth
Type: Feature Request | Status: new
Priority: Normal | Milestone:
Component: Bro | Version: git/master
Resolution: | Keywords:
------------------------------+------------------------
Comment (by gregor):
> - Detect recursive resolvers. This should probably be added to the
> intelligence framework so that it could be autodetected and people
could
> add their own locally known information to it. We should be able to
> detect them by watching for lots of authoritative requests but there
are
> probably other indicators we could use as well.
The RD (recursion desired) flag is another indicator. It should be off for
recursive resolvers.
cu
Gregor
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/769#comment:0>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker
More information about the bro-dev
mailing list