Dns invalid additionals 7228 v4 #11794
Draft
+73
−18
Commits on Sep 16, 2024
-
dns: improved handling of corrupt additionals
Ticket: 7228 That means log the rest of queries and answers, even if the final field additionals is corrupt. Set an event in this case.
Commits on Sep 18, 2024
-
dns: make dns probing function stricter
To accomodate cases found in QA. The case looks like a CnC channel on port 53, but not using DNS. First request has a very big record length, but all the header fields indicating numbers are 0. First reply has a very big record length as well, there is one non-zero field for number, but the flag indicates a request...
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.