[Bro-Dev] [JIRA] (BIT-1147) topic/seth/dns-srv-fix - Fixing some problems with DNS

Seth Hall (JIRA) jira at bro-tracker.atlassian.net
Mon Mar 10 05:51:18 PDT 2014


    [ https://bro-tracker.atlassian.net/browse/BIT-1147?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15716#comment-15716 ] 

Seth Hall commented on BIT-1147:
--------------------------------

Hm.. not really.  It's probably the most reliable technique to identify it.  They literally use the exact same DNS structure, we just encountered reuse of a RR identifier between NBNS and one of the DNS RFCs.  We're actually using the port mechanism to identify NBNS queries in script-land anyway (to decide when to decode the encoded MS host names).

> topic/seth/dns-srv-fix - Fixing some problems with DNS
> ------------------------------------------------------
>
>                 Key: BIT-1147
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1147
>             Project: Bro Issue Tracker
>          Issue Type: Patch
>          Components: Bro
>    Affects Versions: 2.3
>            Reporter: Seth Hall
>            Assignee: Robin Sommer
>
> This branch and equivalently named branches are ready for merging in the public and private test suites.
> We generate the event for SRV responses in DNS now.  
> Fixed several annoying issues with NetBios name service requests and responses.  Fewer incorrect weirds and more correct dns logs now.



--
This message was sent by Atlassian JIRA
(v6.2-OD-10-004-WN#6253)


More information about the bro-dev mailing list