[Bro-Dev] [JIRA] (BIT-1460) DPD query too large on multicast DNS

Seth Hall (JIRA) jira at bro-tracker.atlassian.net
Fri Sep 4 05:11:00 PDT 2015


     [ https://bro-tracker.atlassian.net/browse/BIT-1460?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Seth Hall updated BIT-1460:
---------------------------
    Labels: analyzer  (was: )

> DPD query too large on multicast DNS
> ------------------------------------
>
>                 Key: BIT-1460
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1460
>             Project: Bro Issue Tracker
>          Issue Type: Problem
>          Components: BinPAC
>    Affects Versions: 2.4
>            Reporter: Michal Purzynski
>              Labels: analyzer
>         Attachments: dnsm.pcap
>
>
> Lots of
> 1440024833.696698	CZdljELZjJSLLQpxj	10.251.27.165	5353	224.0.0.251	5353	udp	DNS	DNS_Conn_count_too_large
> 1440024920.764444	CgVrZf4IQ0Tc04EfQe	10.251.29.250	5353	224.0.0.251	5353	udp	DNS	DNS_Conn_count_too_large
> 1440024920.764923	C4oQOB2GRRhDHW1i4g	fe80::6676:baff:feb5:772c	5353	ff02::fb	5353	udp	DNS	DNS_Conn_count_too_large
> 1440024981.016577	CsCwiq3qk2Uxjhomjj	fe80::1c8a:768d:e113:e39f	5353	ff02::fb	5353	udp	DNS	DNS_Conn_count_too_large
> 1440024981.015551	CA1nbO23vgbca2PBYi	10.251.28.176	5353	224.0.0.251	5353	udp	DNS	DNS_Conn_count_too_large
> 1440025022.962007	C5kYaG3BckRrVOot89	10.251.26.99	5353	224.0.0.251	5353	udp	DNS	DNS_Conn_count_too_large
> 1440025022.962049	CrkZft38lJ0YqGqxsl	fe80::2acf:e9ff:fe1a:9aed	5353	ff02::fb	5353	udp	DNS	DNS_Conn_count_too_large
> for just UDP and port 5353 - multicast DNS
> Pcaps attached.



--
This message was sent by Atlassian JIRA
(v7.0.0-OD-02-259#70102)

