Actions
Bug #4758
opendns: weird query should have app-layer-event?
Status:
New
Priority:
Normal
Assignee:
-
Target version:
-
Affected Versions:
Effort:
Difficulty:
Label:
Description
Request A &eventtype=close&reason=5&duration=5285
See attached pcap. Ran this against
rules/dns-events.rules
but it triggers nothing. Wondering if it should. Regular rule matches do work.
Files
Updated by Philippe Antoine 9 months ago
Why should it have an app-layer event ?
Because you use characters not allowed in domain names such as &
?
This looks more a case for a regular rule, does it not ?
Actions