Hi,

I am getting a few false positives on DNS that return:
header flags:  response, want recursion, recursion avail.

But:
opcode = QUERY, id = 40, rcode = REFUSED

Causing a false positive by this line: 
  if(ord(r[3+offset]) & 0x80){

Shouldn't it be:
if ((ord(r[3+offset]) & 0x80) && ((ord(r[3+offset]) & 5) == 0)) {

i.e. make sure there is no REFUSED answer?

Thanks
Noam Rathaus
CTO
Beyond Security Ltd.
http://www.BeyondSecurity.com
http://www.SecuriTeam.com
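
An added example, not part of the original message or of the plugin it discusses: a Python sketch of the flag decoding behind the check above, showing the RA-bit-only test firing on a REFUSED response and a stricter test that does not. It goes beyond the REFUSED case by comparing the full 4-bit RCODE to zero; the function names, the sample headers and the use of `offset` as the start of the DNS header in the buffer are assumptions.

```python
import struct

def parse_flags(buf, offset=0):
    """Decode the ID and the two flag bytes of a DNS header at buf[offset]."""
    if len(buf) < offset + 4:
        raise ValueError("buffer too short for DNS id + flags")
    msg_id, hi, lo = struct.unpack_from("!HBB", buf, offset)
    return {
        "id": msg_id,
        "qr": bool(hi & 0x80),        # 1 = response
        "opcode": (hi >> 3) & 0x0F,   # 0 = QUERY
        "rd": bool(hi & 0x01),        # recursion desired
        "ra": bool(lo & 0x80),        # recursion available: r[3+offset] & 0x80
        "rcode": lo & 0x0F,           # 0 = NOERROR, 5 = REFUSED
    }

def ra_bit_only(buf, offset=0):
    """The check quoted in the message: the RA bit on its own."""
    return bool(buf[offset + 3] & 0x80)

def recursion_offered(buf, offset=0):
    """Count RA only on a QUERY response whose RCODE is NOERROR."""
    f = parse_flags(buf, offset)
    return f["qr"] and f["opcode"] == 0 and f["ra"] and f["rcode"] == 0

# Constructed sample headers (12 bytes each), not captured traffic.
REFUSED = bytes.fromhex("002881850001000000000000")  # id 40, QR+RD, RA, rcode 5
NOERROR = bytes.fromhex("002881800001000100000000")  # id 40, QR+RD, RA, rcode 0
TCP_FRAMED = b"\x00\x0c" + NOERROR                   # DNS-over-TCP length prefix

if __name__ == "__main__":
    for name, buf, off in [("REFUSED", REFUSED, 0), ("NOERROR", NOERROR, 0),
                           ("TCP NOERROR", TCP_FRAMED, 2)]:
        print(name, parse_flags(buf, off), ra_bit_only(buf, off),
              recursion_offered(buf, off))
```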
