[ https://bro-tracker.atlassian.net/browse/BIT-1147?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15716#comment-15716 ]
Seth Hall commented on BIT-1147: -------------------------------- Hm.. not really. It's probably the most reliable technique to identify it. They literally use the exact same DNS structure, we just encountered reuse of a RR identifier between NBNS and one of the DNS RFCs. We're actually using the port mechanism to identify NBNS queries in script-land anyway (to decide when to decode the encoded MS host names). > topic/seth/dns-srv-fix - Fixing some problems with DNS > ------------------------------------------------------ > > Key: BIT-1147 > URL: https://bro-tracker.atlassian.net/browse/BIT-1147 > Project: Bro Issue Tracker > Issue Type: Patch > Components: Bro > Affects Versions: 2.3 > Reporter: Seth Hall > Assignee: Robin Sommer > > This branch and equivalently named branches are ready for merging in the > public and private test suites. > We generate the event for SRV responses in DNS now. > Fixed several annoying issues with NetBios name service requests and > responses. Fewer incorrect weirds and more correct dns logs now. -- This message was sent by Atlassian JIRA (v6.2-OD-10-004-WN#6253) _______________________________________________ bro-dev mailing list bro-dev@bro.org http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev