[Bro] detect-external-names.bro

Vikram Basu vikrambasu059 at gmail.com
Wed Jul 19 04:57:16 PDT 2017


Hi,

I am confused what the protocols/dns/detect-external-names.bro script is actually doing. The documentation reads 
“This script detects names which are not within zones considered to be local but resolving to addresses considered local. The Site::local_zones variable must be set appropriately for this detection.”

What does ‘names which are not within zones considered to be local but resolving to addresses considered local’ mean? And how is it determined ? 
Can you give an example which makes this clearer ?

Regards

Vikram Basu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20170719/39645656/attachment.html 


More information about the Bro mailing list