Feature #2198
closed
Extend the DNS parser to accept dns_response keyword in signatures
Added by Anonymous over 7 years ago.
Updated 2 days ago.
Description
For A and AAAA records it would be interesting to match on the IP received from the DNS resolver.
In particular this could be useful to check for potentially sink-holed domains.
- Tracker changed from Bug to Feature
- Target version changed from 70 to TBD
Since you assigned yourself, do you want to submit that?
Andreas Herz wrote:
Since you assigned yourself, do you want to submit that?
Yes, it is in the pipeline.
Do you want me to focus on a Rust implementation?
Depends on what you prefer, IMHO it would be nice to have it in Rust.
- Related to Feature #2448: Add additional buffers for DNS Responses added
- Assignee changed from Anonymous to Stian Bergseth
- Assignee changed from Stian Bergseth to Community Ticket
- Status changed from New to Rejected
- Assignee deleted (Community Ticket)
- Target version deleted (TBD)
- Is duplicate of Feature #7012: rules: add dns.response sticky buffer added