Project

General

Profile

Actions

Feature #1438

closed

DNS Type nxdomain

Added by Lucky b56 almost 9 years ago. Updated over 8 years ago.

Status:
Closed
Priority:
Normal
Target version:
Effort:
Difficulty:
Label:

Description

Right now I see 4-5 types of DNS type records. It would be great if you could include nxdomain (i.e domain doesn't exist) type too.
This will help tracking down future malicious domains which are generated by DGA. Malware authors don't register all the domains together and do in batch. Digging through nxdomain records will give great analytic value.

Actions #1

Updated by Victor Julien almost 9 years ago

  • Status changed from New to Assigned
  • Assignee set to David Cannings
  • Priority changed from High to Normal
  • Target version set to 3.0RC1
Actions #2

Updated by Victor Julien almost 9 years ago

  • Status changed from Assigned to Closed
  • % Done changed from 0 to 100
Actions #3

Updated by Victor Julien almost 9 years ago

  • Target version changed from 3.0RC1 to 2.1beta4
Actions #4

Updated by Lucky b56 over 8 years ago

Victor Julien wrote:

https://github.com/inliniac/suricata/pull/1425

Great. Works perfect!

Actions

Also available in: Atom PDF