-
-
Notifications
You must be signed in to change notification settings - Fork 95
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Alert Notification Popup Should Resolve IP Address To Hostname (DNS Record) #43
Comments
The biggest problem with that is that reverse DNS isn't trustworthy; it's easy to forge the record, or have it display a wrong domain (there can be multiple domains associated with one IP). Showing information that can be wrong is a bad idea for security software. That said: if somebody figures out a compromise, it's definitely something valuable to have. |
Thanks for the quick reply. I guess using traceroute will have to do for the time being. It's more fun anyway. :-) |
Hi,
This feature was implemented a while back but wasn't working everytime. It should still be there anyway… I don't remember disabling it :-)
Thanks
Khan
…________________________________
De : BADJAG <notifications@github.com>
Envoyé : Monday, July 23, 2018 12:23:28 AM
À : wokhansoft/WFN
Cc : Subscribed
Objet : Re: [wokhansoft/WFN] Alert Notification Popup Should Resolve IP Address To Hostname (DNS Record) (#43)
Thanks for the quick reply. I guess using traceroute will have to do for the time being. It's more fun anyway. :-)
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub<https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fwokhansoft%2FWFN%2Fissues%2F43%23issuecomment-406901763&data=02%7C01%7C%7C6e84202b8ea04cb172cc08d5f021c054%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636678950107741907&sdata=iYMlwjyKa8vOuPqxj3DnlKZNRAYk9h0c6RgsI%2BvOcyg%3D&reserved=0>, or mute the thread<https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FAXrQzVgYOURR7fNXkCj5ahFMeLgHmyECks5uJPtggaJpZM4VZ-Gz&data=02%7C01%7C%7C6e84202b8ea04cb172cc08d5f021c054%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636678950107741907&sdata=5TTs9NV42sGF3lepaMrNBQKt9YaFrXBnyXEkDx9s9rk%3D&reserved=0>.
|
I disabled it some time ago for two reasons: the one stated above, and the DNS lookup was itself triggering WFN notifications. |
This is in the pipeline - implemented a DNS resolver working in the background. Currently working on integration with SecurityLog and then maybe Map and Connections |
DNS Resolver is implemented for Security Log, Connections, Map and Notifier (tooltip on Target IP option). However today there are many host IP's which have no DNS entry resulting in No such host is known when resolved. If you click on the Target IP link in Notifier it will do a lookup on an online service to get more details. Note: Just noticed, that clicking on the Target IP link in Notifier crashes in the netcore3 version. |
Any crashing with netcore31 should be due to missing assemblies (since they are now pulled from nuget). Hopefully 😁 |
Crash fixed with #76 |
Btw: The TargetInfoUrl and TargetPortUrl for the online service to use can be configured in the settings config file. |
Hi, I'd like to propose a minor enhancement to the alert notification popup. In the "ADVANCED RULE SETTINGS" section of the popup, it'd be nice if the "TARGET" IP address resolved to a hostname as well. This would save the effort of having to look up the destination IP via traceroute or a reverse IP lookup on the web. Thanks.
The text was updated successfully, but these errors were encountered: