[Bro-Dev] [JIRA] (BIT-1460) DPD query too large on multicast DNS

Vlad Grigorescu (JIRA) jira at bro-tracker.atlassian.net
Thu Sep 10 13:02:00 PDT 2015 

    [ https://bro-tracker.atlassian.net/browse/BIT-1460?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=22019#comment-22019 ] 

Vlad Grigorescu edited comment on BIT-1460 at 9/10/15 3:01 PM:
---------------------------------------------------------------

Yes, these all seem reasonable. Several symptoms of this particular bug were fixed.

I updated the appropriate baselines in topic/vladg/bit-1460 in the bro-testing repo.

Several tests unrelated to DNS seem to be broken, but I believe that's due to BIT-1467. Also, the private test suite seems to be out of date with master, but I didn't see any DNS-related changes.


was (Author: grigorescu):
Yes, these all seem reasonable. Several symptoms of this particular bug were fixed.

> DPD query too large on multicast DNS
> ------------------------------------
>
>                 Key: BIT-1460
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1460
>             Project: Bro Issue Tracker
>          Issue Type: Problem
>          Components: BinPAC
>    Affects Versions: 2.4
>            Reporter: Michal Purzynski
>            Assignee: Vlad Grigorescu
>              Labels: analyzer
>         Attachments: dnsm.pcap
>
>
> Lots of
> 1440024833.696698	CZdljELZjJSLLQpxj	10.251.27.165	5353	224.0.0.251	5353	udp	DNS	DNS_Conn_count_too_large
> 1440024920.764444	CgVrZf4IQ0Tc04EfQe	10.251.29.250	5353	224.0.0.251	5353	udp	DNS	DNS_Conn_count_too_large
> 1440024920.764923	C4oQOB2GRRhDHW1i4g	fe80::6676:baff:feb5:772c	5353	ff02::fb	5353	udp	DNS	DNS_Conn_count_too_large
> 1440024981.016577	CsCwiq3qk2Uxjhomjj	fe80::1c8a:768d:e113:e39f	5353	ff02::fb	5353	udp	DNS	DNS_Conn_count_too_large
> 1440024981.015551	CA1nbO23vgbca2PBYi	10.251.28.176	5353	224.0.0.251	5353	udp	DNS	DNS_Conn_count_too_large
> 1440025022.962007	C5kYaG3BckRrVOot89	10.251.26.99	5353	224.0.0.251	5353	udp	DNS	DNS_Conn_count_too_large
> 1440025022.962049	CrkZft38lJ0YqGqxsl	fe80::2acf:e9ff:fe1a:9aed	5353	ff02::fb	5353	udp	DNS	DNS_Conn_count_too_large
> for just UDP and port 5353 - multicast DNS
> Pcaps attached.



--
This message was sent by Atlassian JIRA
(v7.0.0-OD-04-018#70102)

More information about the bro-dev mailing list