[Bro-Dev] [JIRA] (BIT-1156) DNS analyzer parses TXT records imcompletely

Robin Sommer (JIRA) jira at bro-tracker.atlassian.net
Wed Mar 12 18:02:18 PDT 2014


    [ https://bro-tracker.atlassian.net/browse/BIT-1156?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15724#comment-15724 ] 

Robin Sommer commented on BIT-1156:
-----------------------------------

,,, or better: pass a set[string] to the event.

> DNS analyzer parses TXT records imcompletely
> --------------------------------------------
>
>                 Key: BIT-1156
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1156
>             Project: Bro Issue Tracker
>          Issue Type: Problem
>          Components: Bro
>            Reporter: Robin Sommer
>             Fix For: 2.3
>
>
> The payload of DNS TXT records can consist of multiple character strings but the DNS analyzer parses out only the first. We should parse them out all and then probably concatenate into a single string to pass to the event, separated with semicolons or something.
> I have a trace with an example but it would need anonymization before inclusion into the test suite.



--
This message was sent by Atlassian JIRA
(v6.2-OD-10-004-WN#6253)


More information about the bro-dev mailing list