Actions
Feature #4758
opendns: weird query should have app-layer-event?
Effort:
Difficulty:
Label:
Description
Request A &eventtype=close&reason=5&duration=5285
See attached pcap. Ran this against
rules/dns-events.rules
but it triggers nothing. Wondering if it should. Regular rule matches do work.
Files
Updated by Philippe Antoine over 1 year ago
Why should it have an app-layer event ?
Because you use characters not allowed in domain names such as &
?
This looks more a case for a regular rule, does it not ?
Updated by Philippe Antoine 6 months ago
- Tracker changed from Bug to Feature
- Target version set to TBD
Updated by Philippe Antoine 6 months ago
- Status changed from New to Feedback
- Assignee set to Community Ticket
Actions