Jon Siwek created BIT-1122:
------------------------------
Summary: topic/jsiwek/dns-improvements
Key: BIT-1122
URL: https://bro-tracker.atlassian.net/browse/BIT-1122
Project: Bro Issue Tracker
Issue Type: Problem
Components: Bro
Affects Versions: git/master
Reporter: Jon Siwek
Fix For: 2.3
This branch is in bro, bro-testing, and bro-testing-private repos.
- Fixes incorrect parsing of DNS message format for messages with empty
question sections.
- Changes dns.log to only include standard queries (opcode == 1).
- Adds "dns_unknown_reply" event for RR types that Bro doesn't know how to
parse, which improves accuracy of request-reply pair matching performed by the
default DNS scripts.
--
This message was sent by Atlassian JIRA
(v6.2-OD-07-028#6211)
_______________________________________________
bro-dev mailing list
[email protected]
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
