[Bro-Dev] [JIRA] (BIT-1147) topic/seth/dns-srv-fix - Fixing some problems with DNS

Seth Hall (JIRA) jira at bro-tracker.atlassian.net
Mon Mar 10 05:51:18 PDT 2014

    [ https://bro-tracker.atlassian.net/browse/BIT-1147?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15716#comment-15716 ] 

Seth Hall commented on BIT-1147:

Hm.. not really.  It's probably the most reliable technique to identify it.  They literally use the exact same DNS structure, we just encountered reuse of a RR identifier between NBNS and one of the DNS RFCs.  We're actually using the port mechanism to identify NBNS queries in script-land anyway (to decide when to decode the encoded MS host names).

> topic/seth/dns-srv-fix - Fixing some problems with DNS
> ------------------------------------------------------
>                 Key: BIT-1147
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1147
>             Project: Bro Issue Tracker
>          Issue Type: Patch
>          Components: Bro
>    Affects Versions: 2.3
>            Reporter: Seth Hall
>            Assignee: Robin Sommer
> This branch and equivalently named branches are ready for merging in the public and private test suites.
> We generate the event for SRV responses in DNS now.  
> Fixed several annoying issues with NetBios name service requests and responses.  Fewer incorrect weirds and more correct dns logs now.
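
Added example, not part of the original message and not Bro's code (Python, with hypothetical function names): the comment above says NBNS and DNS share one wire structure and that the port decides how a reused RR identifier and the encoded host name are interpreted. It assumes the clashing identifier is type 33 (SRV in RFC 2782, NBSTAT in RFC 1002), which the message does not name, and that the question has already been parsed into port, type and name.

```python
NBNS_PORT = 137  # NetBIOS name service (RFC 1002)
# Same numeric RR type, different meaning per protocol (assumed clash: type 33).
DNS_TYPES = {1: "A", 33: "SRV"}
NBNS_TYPES = {32: "NB", 33: "NBSTAT"}


def decode_netbios_name(label):
    """Undo RFC 1001 first-level encoding: 32 chars 'A'..'P' -> 16 bytes."""
    if len(label) != 32 or any(not "A" <= c <= "P" for c in label):
        raise ValueError("not a first-level encoded NetBIOS name")
    raw = bytes(((ord(label[i]) - 65) << 4) | (ord(label[i + 1]) - 65)
                for i in range(0, 32, 2))
    # Bytes 0..14 are the padded name, byte 15 is the service suffix.
    return raw[:15].decode("latin-1").rstrip(" \x00"), raw[15]


def interpret_query(port, qtype, qname):
    """Label a parsed question using the port, since the wire format is shared."""
    if port != NBNS_PORT:
        return {"proto": "DNS", "qtype": DNS_TYPES.get(qtype, str(qtype)),
                "name": qname}
    first_label = qname.split(".", 1)[0]
    name, suffix = decode_netbios_name(first_label)
    return {"proto": "NBNS", "qtype": NBNS_TYPES.get(qtype, str(qtype)),
            "name": name, "suffix": suffix}


if __name__ == "__main__":
    # Constructed sample questions: (port, qtype, qname)
    for q in [(53, 33, "_ldap._tcp.example.com"),
              (137, 33, "CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"),
              (137, 32, "EGFCEFEECACACACACACACACACACACACA")]:
        print(interpret_query(*q))
```

A name on port 137 that is not valid first-level encoding raises `ValueError`, which is the kind of case a monitor would report as an anomaly rather than log as a host name.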
