[Bro-Dev] [JIRA] (BIT-1122) topic/jsiwek/dns-improvements
Jon Siwek (JIRA)
jira at bro-tracker.atlassian.net
Tue Jan 28 12:15:58 PST 2014
Jon Siwek created BIT-1122:
------------------------------
Summary: topic/jsiwek/dns-improvements
Key: BIT-1122
URL: https://bro-tracker.atlassian.net/browse/BIT-1122
Project: Bro Issue Tracker
Issue Type: Problem
Components: Bro
Affects Versions: git/master
Reporter: Jon Siwek
Fix For: 2.3
This branch is in bro, bro-testing, and bro-testing-private repos.
- Fixes incorrect parsing of DNS message format for messages with empty question sections.
- Changes dns.log to only include standard queries (opcode == 1).
- Adds "dns_unknown_reply" event for RR types that Bro doesn't know how to parse, which improves accuracy of request-reply pair matching performed by the default DNS scripts.