Show HN: Detect DoH and Other DNS-less IP Traffic
Yea, we had to focus on the code and functionality first. The Readme needs to be improved.
In a nutshell, we added code where outbound TCP connections are made. Before making a connection it does a quick mysql lookup to see if the IP address was added by the suricata DNS parsing code. If the IP address is found in the table it prints "IP address is in the table"; if not, it adds it to the table.
The following modification will distinguish between the two inserts. Currently it does not provide information to tell apart a DNS resolution IP and one which is added during the TCP handshake.
The goal here is to tightly couple TCP handshakes (new TCP connections) to DNS answers. It is pretty fast because we're not looking at every packet, just the TCP connection setup.
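The lookup-then-insert flow described in the comment, as an added example that is not the project's own code. It keeps an IP table that the DNS parser fills and that the TCP-setup hook consults, using an in-memory SQLite table in place of MySQL, and adds the `source` column the planned modification calls for so a row written by the DNS parser can be told apart from one written at handshake time. The event tuples, timestamps, hostnames and IPs are constructed for the example; the event shape is an assumption and does not follow the project's schema.

```python
"""Correlate new outbound TCP connections with IPs seen in DNS answers.

Added example, not the project's code. Two paths write to one table:
  - record_dns_answer():   called for every DNS answer record (source='dns')
  - check_tcp_connection(): called at TCP connection setup; a miss inserts
                            the destination with source='tcp'
Rows with source='tcp' are therefore exactly the destinations that were
reached without a preceding DNS answer (DoH to a hard-coded resolver IP,
direct-to-IP beacons, and similar DNS-less traffic).
"""
import sqlite3

SCHEMA = """
CREATE TABLE resolved_ips (
    ip         TEXT PRIMARY KEY,
    source     TEXT NOT NULL CHECK (source IN ('dns', 'tcp')),
    qname      TEXT,              -- name that resolved to this IP (dns rows only)
    first_seen TEXT NOT NULL,
    hits       INTEGER NOT NULL DEFAULT 1
)
"""

# Constructed sample feed in arrival order (hypothetical timestamps and hosts).
# ("dns", ts, qname, answered_ip)   stands in for a parsed DNS answer record
# ("tcp", ts, dst_ip, dst_port)     stands in for a completed outbound handshake
SAMPLE_EVENTS = [
    ("dns", "2024-01-01T10:00:00", "www.example.com", "93.184.216.34"),
    ("tcp", "2024-01-01T10:00:01", "93.184.216.34", 443),   # resolved first: normal
    ("tcp", "2024-01-01T10:00:05", "1.1.1.1", 443),         # no DNS answer: DoH-style
    ("tcp", "2024-01-01T10:00:09", "1.1.1.1", 443),         # repeat, still unresolved
    ("dns", "2024-01-01T10:00:20", "dns.google", "8.8.8.8"),
    ("tcp", "2024-01-01T10:00:21", "8.8.8.8", 443),         # resolved first: normal
    ("tcp", "2024-01-01T10:00:30", "203.0.113.7", 8443),    # no DNS answer
]


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    return conn


def record_dns_answer(conn, ts, qname, ip):
    """DNS parser path: remember the answered IP as a 'dns' row.

    If the IP was first seen by a bare handshake, the answer upgrades the row
    to 'dns' so later connections count as resolved; the earlier verdict for
    that first connection has already been returned and is not rewritten.
    """
    row = conn.execute("SELECT source FROM resolved_ips WHERE ip = ?", (ip,)).fetchone()
    if row is None:
        conn.execute(
            "INSERT INTO resolved_ips (ip, source, qname, first_seen) VALUES (?, 'dns', ?, ?)",
            (ip, qname, ts),
        )
    elif row[0] == "tcp":
        conn.execute(
            "UPDATE resolved_ips SET source = 'dns', qname = ? WHERE ip = ?", (qname, ip)
        )


def check_tcp_connection(conn, ts, dst_ip, dst_port):
    """TCP-setup path: look the destination up before the connection is made.

    Verdicts: 'resolved'   the IP came from a DNS answer
              'dns_less'   first connection to an IP never seen in a DNS answer
              'unresolved' repeat connection to an IP still without a DNS answer
    Only a miss inserts, and it inserts with source='tcp'.
    """
    row = conn.execute("SELECT source FROM resolved_ips WHERE ip = ?", (dst_ip,)).fetchone()
    if row is None:
        conn.execute(
            "INSERT INTO resolved_ips (ip, source, first_seen) VALUES (?, 'tcp', ?)",
            (dst_ip, ts),
        )
        verdict = "dns_less"
    else:
        conn.execute("UPDATE resolved_ips SET hits = hits + 1 WHERE ip = ?", (dst_ip,))
        verdict = "resolved" if row[0] == "dns" else "unresolved"
    return {"ts": ts, "ip": dst_ip, "port": dst_port, "verdict": verdict}


def process_events(events):
    """Run a feed through both paths. Returns (tcp verdicts, IPs that were only
    ever reached without a DNS answer, in order of first sighting)."""
    conn = open_db()
    verdicts = []
    for event in events:
        if event[0] == "dns":
            _, ts, qname, ip = event
            record_dns_answer(conn, ts, qname, ip)
        else:
            _, ts, ip, port = event
            verdicts.append(check_tcp_connection(conn, ts, ip, port))
    dns_less = [
        r[0] for r in conn.execute(
            "SELECT ip FROM resolved_ips WHERE source = 'tcp' ORDER BY first_seen"
        )
    ]
    conn.close()
    return verdicts, dns_less


if __name__ == "__main__":
    verdicts, dns_less = process_events(SAMPLE_EVENTS)
    for v in verdicts:
        print(f"{v['ts']} {v['ip']}:{v['port']} {v['verdict']}")
    print("reached without DNS:", dns_less)
```

Because the check runs only at connection setup, it costs one indexed lookup per new flow rather than per packet, which is the speed argument the comment makes. The caveat a deployment needs: any answer the sensor did not see (a client-side cache warmed before capture started, a resolver the sensor's tap does not cover, or DNS carried inside an encrypted channel) shows up as `dns_less`, so the report is a list of destinations to explain, not a verdict of malice on its own.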