Requesting help for adding dns-request on Bro signature langage please

rmkml2 · August 20, 2012, 10:22pm

Hi,

Im try to add new "dns-request" keyword on Bro Signature langage, but it's not fire.
Anyone help please? (Im not a C++/developper)

ok Im test on bro v2.0 on linux plateform.

Modified two files, first is src/Rule.h :

@@ -37,7 +37,7 @@

         enum PatternType {
                 PAYLOAD, HTTP_REQUEST, HTTP_REQUEST_BODY, HTTP_REQUEST_HEADER,
- HTTP_REPLY_BODY, HTTP_REPLY_HEADER, FTP, FINGER, TYPES,
+ HTTP_REPLY_BODY, HTTP_REPLY_HEADER, DNS_REQUEST, FTP, FINGER, TYPES,
         };

bool Active() { return active; }

Second change are src/DNS.cc :

@@ -1093,6 +1093,8 @@
         if ( buf_n < msg_size )
                 // Haven't filled up the message buffer yet, no more to do.
                 return;
+ Conn()->Match(Rule::DNS_REQUEST, (const u_char*) msg_buf,
+ msg_size, true, true, 1, true);

ForwardPacket(msg_size, msg_buf, orig, -1, 0, 0);

With this new signature:
dns-request /.*g.*/

Regards
Rmkml

http://twitter.com/rmkml

Topic		Replies	Views
bro signature http-request double encoded cause FN ? Zeek	1	75	May 6, 2022
RE : bro signature http-request double encoded cause FN ? Zeek	1	77	May 6, 2022
DNS Zeek	2	89	May 6, 2022
DNS request type empty Zeek	2	79	May 6, 2022
creating bro scripts Zeek	1	93	May 6, 2022

Requesting help for adding dns-request on Bro signature langage please

Related Topics