Feature #4758

open

dns: weird query should have app-layer-event?

Added by Victor Julien about 3 years ago. Updated 6 months ago.

Status: Feedback
Priority: Normal
Target version:
Effort:
Difficulty:
Label:

Description

Request    A &eventtype=close&reason=5&duration=5285

See attached pcap. Ran this against rules/dns-events.rules but it triggers nothing. Wondering if it should. Regular rule matches do work.

Files

dns-weird.pcap (139 Bytes) Victor Julien, 10/16/2021 11:18 AM