DNSSinkhole analyzer #434

Merged
merged 4 commits into from May 17, 2019

3 participants
@garanews
Contributor

commented Mar 1, 2019

Analyzer for querying a DNSSinkhole installed locally (e.g. using BIND)


DNSSinkhole analyzer
Analyzer for query DNSSinkhole

@nadouani nadouani added this to the 1.17.0 milestone Apr 2, 2019

@nadouani nadouani self-assigned this Apr 26, 2019

@jeromeleonard jeromeleonard self-assigned this May 15, 2019

@jeromeleonard

Contributor

commented May 15, 2019

Thank you @garanews for this analyzer. I see that you consider a domain sinkholed only if the DNS query returns 127.0.0.2. If your sinkhole has another IP address, it will return False. Maybe an idea would be to also configure the sinkhole IP address, and check if the domain resolves to this address instead.
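The check suggested in the comment above, sketched as an added example (not the analyzer code from this pull request): query the sinkhole's DNS server directly and compare every A record in the reply against a configurable list of sinkhole addresses. All function names, the domain `blocked.example` and the address `10.0.0.53` are assumptions made for illustration.

```python
import ipaddress
import secrets
import socket
import struct

def build_query(domain, txid):
    """Build a minimal DNS query (RD set) for the A record of `domain`."""
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in domain.rstrip(".").split("."))
    return struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + b"\x00" + struct.pack(">HH", 1, 1)

def _skip_name(msg, off):  # offset just past a name that may end in a compression pointer
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:
            return off + 2
        off += 1 + msg[off]
    return off + 1

def parse_a_records(msg):
    """Return the IPv4 addresses found in the answer section of a DNS reply."""
    qdcount, ancount = struct.unpack(">HH", msg[4:8])
    off = 12
    for _ in range(qdcount):
        off = _skip_name(msg, off) + 4           # skip QTYPE and QCLASS
    addrs = []
    for _ in range(ancount):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        if (rtype, rclass, rdlen) == (1, 1, 4):  # A record, class IN
            addrs.append(ipaddress.ip_address(msg[off + 10:off + 14]))
        off += 10 + rdlen
    return addrs

def is_sinkholed(answers, sinkhole_ips):
    """True if any answer equals one of the configured sinkhole addresses."""
    wanted = {ipaddress.ip_address(ip) for ip in sinkhole_ips}
    return any(a in wanted for a in answers)

def check_domain(domain, dns_server, sinkhole_ips, timeout=3.0):
    """Query the sinkhole DNS server (assumed to listen on UDP/53) and compare."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((dns_server, 53))              # only accept replies from this server
        s.send(build_query(domain, secrets.randbits(16)))
        return is_sinkholed(parse_a_records(s.recv(4096)), sinkhole_ips)

def constructed_reply(domain, ip):
    """Constructed sample reply carrying one A record, for offline checks."""
    head = struct.pack(">HHHHHH", 1, 0x8180, 1, 1, 0, 0) + build_query(domain, 1)[12:]
    return head + b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 60, 4) + ipaddress.ip_address(ip).packed
```

With the address list taken from configuration, a sinkhole that answers with `10.0.0.53` is detected, while a check hardcoded to `127.0.0.2` would report the same domain as not sinkholed.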

garanews added some commits May 15, 2019

@garanews

Contributor Author

commented May 15, 2019

I added it!


@jeromeleonard

Contributor

commented May 17, 2019

Thank you, reviewing it quickly

@jeromeleonard jeromeleonard merged commit 076c088 into TheHive-Project:develop May 17, 2019
