Project

General

Profile

Actions

Feature #1438

closed

DNS Type nxdomain

Added by Lucky b56 over 7 years ago. Updated about 7 years ago.

Status:
Closed
Priority:
Normal
Target version:
Effort:
Difficulty:
Label:

Description

Right now I see 4-5 types of DNS type records. It would be great if you could include nxdomain (i.e domain doesn't exist) type too.
This will help tracking down future malicious domains which are generated by DGA. Malware authors don't register all the domains together and do in batch. Digging through nxdomain records will give great analytic value.

Actions #1

Updated by Victor Julien over 7 years ago

  • Status changed from New to Assigned
  • Assignee set to David Cannings
  • Priority changed from High to Normal
  • Target version set to 3.0RC1
Actions #2

Updated by Victor Julien over 7 years ago

  • Status changed from Assigned to Closed
  • % Done changed from 0 to 100
Actions #3

Updated by Victor Julien over 7 years ago

  • Target version changed from 3.0RC1 to 2.1beta4
Actions #4

Updated by Lucky b56 about 7 years ago

Victor Julien wrote:

https://github.com/inliniac/suricata/pull/1425

Great. Works perfect!

Actions

Also available in: Atom PDF