[Bro] SMB2 module
Seth Hall
seth at icir.org
Fri Mar 20 12:27:17 PDT 2015
> On Mar 20, 2015, at 3:08 PM, Vlad Grigorescu <vlad at grigorescu.org> wrote:
>
> Of course, the "better" solution would be to fix the system so that it can do reverse DNS lookups (and TXT queries for detect-MHR) :-)
Another option here is to force Bro into a mode where it fakes DNS responses internally. Unfortunately there isn’t a switch to enable this in scripts, but you can change the behavior with an environment variable:
    BRO_DNS_FAKE=1 bro -r somepackets.pcap
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/