[Bro] reverse DNS based on bro's forward DNS query log
Stephane Chazelas
stephane.chazelas at gmail.com
Fri Aug 24 07:41:40 PDT 2012
2012-08-23 11:15:23 -0400, Seth Hall:
>
> On Aug 23, 2012, at 10:48 AM, Stephane Chazelas <stephane.chazelas at gmail.com> wrote:
>
> > $ tail -1 dns.log
> > 1345732627.030897 jUJU3ZwGOv4 x.x.x.x 54866 x.x.x.x 53 udp 44687 static.ak.facebook.com 1 C_INTERNET 1 A 0 NOERROR F F F T T 0 static.ak.facebook.com.edgesuite.net,a749.dsw4.akamai.net,84.53.132.80,84.53.132.88 3364.000000,348.000000,15.000000,15.000000
> >
> > $ dig -x 84.53.132.88 +short
> > static.ak.facebook.com.C-EU.120823T143707.
>
> That's cool! Definitely send along anything you can. I'm sure that quite a few people will be interested in this (I am).
[...]
Here you go:
https://github.com/stephane-chazelas/bro-pdns-forward-dns
Please test and tell me what you think.
--
Stephane
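
The mapping shown in the quoted example, as an added illustration that is not part of the original post or of the linked repository: each address in a dns.log answer list is tied back to the name the client queried, keyed by the PTR owner name a `dig -x` would look up. The field positions are read off the sample line above, and tab separation and the `-` / `(empty)` markers for unset fields are assumptions about the log format.

```python
import ipaddress

# The dns.log line quoted in the post, rebuilt with tab separators
# (assumed: the archive shows the fields space-separated and wrapped).
SAMPLE = "\t".join([
    "1345732627.030897", "jUJU3ZwGOv4", "x.x.x.x", "54866", "x.x.x.x", "53",
    "udp", "44687", "static.ak.facebook.com", "1", "C_INTERNET", "1", "A",
    "0", "NOERROR", "F", "F", "F", "T", "T", "0",
    "static.ak.facebook.com.edgesuite.net,a749.dsw4.akamai.net,"
    "84.53.132.80,84.53.132.88",
    "3364.000000,348.000000,15.000000,15.000000",
])

# Positions taken from the sample line: query is the 9th field,
# answers and TTLs are the last two.
QUERY_IDX, ANSWERS_IDX, TTLS_IDX = 8, -2, -1


def reverse_records(line):
    """Return {PTR owner name: (queried name, timestamp, ttl)} for one record."""
    if line.startswith("#"):              # log header / metadata line
        return {}
    fields = line.rstrip("\n").split("\t")
    if len(fields) <= QUERY_IDX + 2:      # truncated or malformed record
        return {}
    answers = fields[ANSWERS_IDX]
    if answers in ("-", "(empty)"):       # query with no recorded answers
        return {}
    ttls = fields[TTLS_IDX].split(",")
    records = {}
    for i, answer in enumerate(answers.split(",")):
        try:
            addr = ipaddress.ip_address(answer)
        except ValueError:
            continue                      # CNAME target, not an address
        try:
            ttl = float(ttls[i])
        except (IndexError, ValueError):
            ttl = None                    # TTL list shorter than answers
        # The address maps to the name the client asked for, not the CNAME.
        records[addr.reverse_pointer] = (
            fields[QUERY_IDX], float(fields[0]), ttl)
    return records


if __name__ == "__main__":
    for ptr, (name, ts, ttl) in reverse_records(SAMPLE).items():
        print(ptr, name, ts, ttl)
```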