Feature #2198: Extend the DNS parser to accept dns_response keyword in signatures - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #2198

closed

Extend the DNS parser to accept dns_response keyword in signatures

Feature #2198: Extend the DNS parser to accept dns_response keyword in signatures

Added by Anonymous over 8 years ago. Updated about 1 year ago.

Status:

Rejected

Priority:

Normal

Assignee:

Target version:

Effort:

Difficulty:

Label:

Description

For A and AAAA records it would be interesting to match on the IP received from the DNS resolver.
In particular this could be useful to check for potentially sink-holed domains.

Related issues 2 (1 open — 1 closed)

History
Notes
Property changes

Actions

Copy link

Also available in: PDF Atom

	Related to Suricata - Feature #2448: dns: additional buffers for DNS Responses	New	Jason Ish	Actions
	Is duplicate of Suricata - Feature #7012: rules: add dns.response sticky buffer	Closed	Nathan Scrivens	Actions

Project

General

Profile

Suricata

Custom queries

Feature #2198

Extend the DNS parser to accept dns_response keyword in signatures

AH Updated by Andreas Herz over 8 years ago Actions
Copy link
#1

Updated by Anonymous over 8 years ago Actions
Copy link
#2

AH Updated by Andreas Herz over 8 years ago Actions
Copy link
#3

JI Updated by Jason Ish about 8 years ago Actions
Copy link
#4

AH Updated by Andreas Herz almost 7 years ago Actions
Copy link
#5

VJ Updated by Victor Julien over 6 years ago Actions
Copy link
#6

VJ Updated by Victor Julien about 1 year ago Actions
Copy link
#7

VJ Updated by Victor Julien about 1 year ago Actions
Copy link
#8

Project

General

Profile

Suricata

Custom queries

Feature #2198

Extend the DNS parser to accept dns_response keyword in signatures

AH Updated by Andreas Herz over 8 years ago ActionsCopy link #1

Updated by Anonymous over 8 years ago ActionsCopy link #2

AH Updated by Andreas Herz over 8 years ago ActionsCopy link #3

JI Updated by Jason Ish about 8 years ago ActionsCopy link #4

AH Updated by Andreas Herz almost 7 years ago ActionsCopy link #5

VJ Updated by Victor Julien over 6 years ago ActionsCopy link #6

VJ Updated by Victor Julien about 1 year ago ActionsCopy link #7

VJ Updated by Victor Julien about 1 year ago ActionsCopy link #8

AH Updated by Andreas Herz over 8 years ago Actions
Copy link
#1

Updated by Anonymous over 8 years ago Actions
Copy link
#2

AH Updated by Andreas Herz over 8 years ago Actions
Copy link
#3

JI Updated by Jason Ish about 8 years ago Actions
Copy link
#4

AH Updated by Andreas Herz almost 7 years ago Actions
Copy link
#5

VJ Updated by Victor Julien over 6 years ago Actions
Copy link
#6

VJ Updated by Victor Julien about 1 year ago Actions
Copy link
#7

VJ Updated by Victor Julien about 1 year ago Actions
Copy link
#8