[Oisf-devel] Application Layer & DNS
Carl Soeder
csoeder at bbn.com
Mon Jan 7 18:31:15 UTC 2013
Hi,
I want to add the capability for Suricata to check various fields in the
content of a DNS packet such as invalid query class, invalid query type,
invalid response class, invalid response type, time-to-live of cached RR
below a certain threshold, invalid label character.
It seems the right way to do this may be to add an application layer module.
Would you agree?
I couldn't find documentation about application layer modules on the web
site. Is there any available?
It appears an application layer module is triggered by packet content. I got
this impression by looking at calls to AplProtoAdd. Is this correct? Is
there a way to trigger an application layer module based on port?
Thanks,
Carl Soeder
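
The checks listed in the message above, as an added standalone C example. It is not part of the original message and not Suricata code, and it does not use Suricata's application layer API. The allow-lists for class and type, the label character rule, the min_ttl parameter and all function and constant names are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
enum { DNS_MALFORMED = 1, DNS_BAD_CLASS = 2, DNS_BAD_TYPE = 4, DNS_BAD_LABEL = 8, DNS_LOW_TTL = 16 };
/* Constructed samples: a clean A response for "a.io" (TTL 300) and a query that fails three checks. */
const uint8_t sample_ok[] = { 0x12,0x34,0x81,0x80, 0x00,0x01, 0x00,0x01, 0x00,0x00, 0x00,0x00,
    0x01,'a',0x02,'i','o',0x00, 0x00,0x01, 0x00,0x01,            /* question: a.io A IN */
    0xC0,0x0C, 0x00,0x01, 0x00,0x01, 0x00,0x00,0x01,0x2C, 0x00,0x04, 192,0,2,1 };
const uint8_t sample_bad[] = { 0x12,0x34,0x01,0x00, 0x00,0x01, 0x00,0x00, 0x00,0x00, 0x00,0x00,
    0x02,'a','!',0x00, 0x00,0x00, 0x00,0x02 };                   /* label "a!", type 0, class 2 */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
/* Assumed policy: classes IN, CH, HS, ANY; types A, NS, CNAME, SOA, PTR, MX, TXT, AAAA. */
static int class_ok(uint16_t c) { return c == 1 || c == 3 || c == 4 || c == 255; }
static int type_ok(uint16_t t)
{ return t == 1 || t == 2 || t == 5 || t == 6 || t == 12 || t == 15 || t == 16 || t == 28; }
/* Step over one name at *off (ends at the root label or a compression pointer) and flag
   bytes outside letters, digits, '-' and '_'. Returns -1 if the name overruns the buffer. */
static int walk_name(const uint8_t *m, size_t len, size_t *off, unsigned *flags)
{
    while (*off < len) {
        uint8_t l = m[*off];
        if (l == 0) { *off += 1; return 0; }
        if ((l & 0xC0) == 0xC0) { *off += 2; return *off <= len ? 0 : -1; }
        if (l > 63 || *off + 1 + l > len) return -1;
        for (size_t i = 1; i <= l; i++)
            if (!isalnum(m[*off + i]) && m[*off + i] != '-' && m[*off + i] != '_')
                *flags |= DNS_BAD_LABEL;
        *off += 1 + (size_t)l;
    }
    return -1;
}
/* Check the question and answer sections of one DNS message (authority and additional
   records are not walked). Returns a bitmask of the checks that failed. */
unsigned dns_check(const uint8_t *m, size_t len, uint32_t min_ttl)
{
    unsigned flags = 0;
    size_t off = 12;                                   /* fixed header size */
    if (len < 12) return DNS_MALFORMED;
    unsigned qd = rd16(m + 4), an = rd16(m + 6);
    for (unsigned i = 0; i < qd + an; i++) {
        int is_rr = i >= qd;                           /* answers follow the questions */
        if (walk_name(m, len, &off, &flags) || off + (is_rr ? 10 : 4) > len)
            return flags | DNS_MALFORMED;
        if (!type_ok(rd16(m + off)))      flags |= DNS_BAD_TYPE;
        if (!class_ok(rd16(m + off + 2))) flags |= DNS_BAD_CLASS;
        if (is_rr && ((uint32_t)rd16(m + off + 4) << 16 | rd16(m + off + 6)) < min_ttl)
            flags |= DNS_LOW_TTL;
        off += is_rr ? 10 + (size_t)rd16(m + off + 8) : 4;  /* RR adds TTL, RDLENGTH, RDATA */
    }
    return off > len ? flags | DNS_MALFORMED : flags;
}
```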