Currently I am no longer in the network traffic monitoring job position, but AFAIR, this was a regular annoyance: A and AAAA queries repeating one after another. So, if I'm not mistaken, this decision was made to reduce the redundancy in such cases.
As seen, DNS entries for a host can have multiple addresses, both for IPv4 and IPv6. The client will make an AAAA request, followed immediately by an A request. Happy Eyeballs says the client must attempt to make a connection to the first IP address that is returned, regardless of address family.
Question
Hey @stamparm, just a small question:
Why are DNS queries with type 28 filtered out in this line?
maltrail/sensor.py
Line 738 in f0bc2e9
Shouldn't AAAA requesters also be analyzed regarding suspicious domain names?
Thanks for your time!
Greetings, Janik
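The trade-off raised in this thread, as an added example (not Maltrail's code and not written by any participant): instead of dropping every type 28 query, a sensor can suppress only the second query of an A/AAAA pair for the same source and name, so AAAA-only lookups still reach the domain checks. The names `parse_question`, `PairDeduper` and `build_query`, the 2-second window and the sample hosts are assumptions.

```python
import struct
QTYPE_A, QTYPE_AAAA = 1, 28

def parse_question(payload):
    """Return (qname, qtype) for the first question in a raw DNS message."""
    if len(payload) < 12 or struct.unpack("!H", payload[4:6])[0] < 1:
        raise ValueError("no DNS question present")
    labels, pos = [], 12
    while True:
        if pos >= len(payload):
            raise ValueError("truncated question name")
        length = payload[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("unexpected compression pointer")
        labels.append(payload[pos:pos + length].decode("ascii", "replace"))
        pos += length
    if pos + 2 > len(payload):
        raise ValueError("truncated question type")
    return ".".join(labels).lower(), struct.unpack("!H", payload[pos:pos + 2])[0]

class PairDeduper:
    """Skip only the second half of an A/AAAA pair, never a whole record type."""
    def __init__(self, window=2.0):  # window in seconds is an assumed value
        self.window = window
        self.seen = {}  # (src, qname) -> (time, qtype); a real sensor would expire entries
    def should_analyze(self, src, qname, qtype, now):
        if qtype not in (QTYPE_A, QTYPE_AAAA):
            return True
        prev = self.seen.get((src, qname))
        self.seen[(src, qname)] = (now, qtype)
        # Redundant only if the other address type was just asked for the same name.
        return not (prev and now - prev[0] <= self.window and prev[1] != qtype)

def build_query(qname, qtype):
    """Build a constructed sample query (sample input, not captured traffic)."""
    name = b"".join(bytes([len(l)]) + l.encode() for l in qname.split("."))
    return struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0) + name + b"\x00" + struct.pack("!HH", qtype, 1)

def demo():
    dedup, results = PairDeduper(), []
    for src, name, qt, ts in [("10.0.0.5", "example.test", QTYPE_AAAA, 0.00),
                              ("10.0.0.5", "example.test", QTYPE_A, 0.01),
                              ("10.0.0.5", "v6only.example.test", QTYPE_AAAA, 0.50)]:
        qname, qtype = parse_question(build_query(name, qt))
        results.append((qname, qtype, dedup.should_analyze(src, qname, qtype, ts)))
    return results
```

In `demo()`, the A query that follows the AAAA query for the same name is skipped as redundant, while the AAAA-only lookup is still handed to analysis.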