[Bro] Scripts FastFlux

Kellogg, Brian D (OLN) bkellogg at dresser-rand.com
Tue Dec 9 08:50:26 PST 2014


https://github.com/sooshie/bro-scripts/

I've initiated a pull request for jlay's repo on GitHub to include the ffluxDNS.bro script. This is an update of Seth Hall's original script to work in Bro 2.3. It is also attached. I replaced the custom log file with notices. More work needs to be done with it, but it is working in my environment.

Has anyone written a script to detect oversized DNS requests? If not, which event/hook would be the best method for checking for these? Thanks.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ffluxDNS.bro
Type: application/octet-stream
Size: 4158 bytes
Desc: ffluxDNS.bro
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20141209/445231dd/attachment.obj 

