Bug #4135: dns: response only udp not detected as dns - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #4135

open

dns: response only udp not detected as dns

Added by Jason Ish about 4 years ago. Updated almost 2 years ago.

Status:

Assigned

Priority:

Normal

Assignee:

Jason Ish

Target version:

8.0.0-beta1

Affected Versions:

6.0.0

Effort:

Difficulty:

Label:

Description

If only a DNS response is seen on a UDP session it will not be detected and parsed as DNS with the default configuration.

Enabling stream.midstream does allow it to be picked up, but this is just an unintended side affect as stream.midstream is really a TCP setting. Likewise, enabling async streams allows this scenario to work for TCP DNS, but doesn't affect UDP DNS.

My feeling is that this should just work with the default configuration.

Related issues 1 (0 open — 1 closed)

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #4135

dns: response only udp not detected as dns

Updated by Victor Julien about 4 years ago

Updated by Victor Julien about 4 years ago

Updated by Victor Julien about 2 years ago

Updated by Victor Julien almost 2 years ago