Feature #2198

open

Extend the DNS parser to accept dns_response keyword in signatures

Added by Anonymous over 6 years ago. Updated over 4 years ago.

Status: New
Priority: Normal
Target version:
Effort:
Difficulty:
Label:

Description

For A and AAAA records it would be interesting to match on the IP received from the DNS resolver.
In particular this could be useful to check for potentially sink-holed domains.
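
The check this request describes, shown outside Suricata as an added example (it is not part of this ticket and not Suricata's parser code): pull the A and AAAA addresses out of a raw DNS response and compare them with a sinkhole list. The function names, the sample packet and the sinkhole address 192.0.2.53 are constructed for illustration.

```rust
use std::net::{IpAddr, Ipv4Addr};

fn be16(msg: &[u8], pos: usize) -> Option<usize> { // big-endian u16, None if out of bounds
    Some(u16::from_be_bytes([*msg.get(pos)?, *msg.get(pos + 1)?]) as usize)
}

// Offset just past the DNS name at `pos` (plain labels or a compression pointer).
fn skip_name(msg: &[u8], mut pos: usize) -> Option<usize> {
    loop {
        let len = *msg.get(pos)? as usize;
        if len & 0xC0 == 0xC0 { return msg.get(pos + 1).map(|_| pos + 2); } // pointer ends name
        if len & 0xC0 != 0 { return None; }                                  // reserved label type
        if len == 0 { return Some(pos + 1); }                                // root label
        pos += 1 + len;
    }
}

/// Addresses carried by the A (type 1) and AAAA (type 28) answers of a DNS response.
pub fn answer_addrs(msg: &[u8]) -> Option<Vec<IpAddr>> {
    if msg.len() < 12 || msg[2] & 0x80 == 0 { return None; } // full header and QR=1 required
    let (qd, an) = (be16(msg, 4)?, be16(msg, 6)?);
    let (mut pos, mut out) = (12, Vec::new());
    for _ in 0..qd { pos = skip_name(msg, pos)? + 4; } // skip QNAME, QTYPE, QCLASS
    for _ in 0..an {
        pos = skip_name(msg, pos)?;
        let (rtype, rdlen) = (be16(msg, pos)?, be16(msg, pos + 8)?);
        let rdata = msg.get(pos + 10..pos + 10 + rdlen)?; // None on truncated rdata
        match (rtype, rdlen) {
            (1, 4) => out.push(IpAddr::from([rdata[0], rdata[1], rdata[2], rdata[3]])),
            (28, 16) => { let mut b = [0u8; 16]; b.copy_from_slice(rdata); out.push(IpAddr::from(b)); }
            _ => {} // other record types (CNAME, ...) carry no address
        }
        pos += 10 + rdlen;
    }
    Some(out)
}

/// True if any resolved address is on the sinkhole list supplied by the caller.
pub fn hits_sinkhole(msg: &[u8], sinkholes: &[IpAddr]) -> bool {
    answer_addrs(msg).map_or(false, |a| a.iter().any(|ip| sinkholes.contains(ip)))
}

// Constructed sample: response for example.com with one A record, 192.0.2.53.
pub const SAMPLE: &[u8] = b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00\x07example\x03com\x00\
    \x00\x01\x00\x01\xC0\x0C\x00\x01\x00\x01\x00\x00\x00\x3C\x00\x04\xC0\x00\x02\x35";

fn main() {
    let sinkholes = [IpAddr::V4(Ipv4Addr::new(192, 0, 2, 53))]; // constructed list
    println!("sinkholed: {}", hits_sinkhole(SAMPLE, &sinkholes));
}
```

Malformed or truncated responses yield `None` and are treated as no match rather than causing a panic.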


Related issues 1 (1 open, 0 closed)

Related to Suricata - Feature #2448: Add additional buffers for DNS Responses (New, OISF Dev)
Actions #1

Updated by Andreas Herz over 6 years ago

  • Tracker changed from Bug to Feature
  • Target version changed from 70 to TBD

Since you assigned yourself, do you want to submit that?

Actions #2

Updated by Anonymous over 6 years ago

Andreas Herz wrote:

> Since you assigned yourself, do you want to submit that?

Yes, it is in the pipeline.
Do you want me to focus on a Rust implementation?

Actions #3

Updated by Andreas Herz over 6 years ago

Depends on what you prefer, IMHO it would be nice to have it in Rust.

Actions #4

Updated by Jason Ish about 6 years ago

  • Related to Feature #2448: Add additional buffers for DNS Responses added
Actions #5

Updated by Andreas Herz almost 5 years ago

  • Assignee changed from Anonymous to Stian Bergseth
Actions #6

Updated by Victor Julien over 4 years ago

  • Assignee changed from Stian Bergseth to Community Ticket