[Snort-devel] EDNS-Client-Subnet ECS

Russ rucombs at ...3461...
Fri Mar 17 10:21:50 EDT 2017


Can you give an example of your use case(s)?  Are you looking just to 
log extra data with an event like XFF or are you looking for a way to 
match on the content?

On 3/16/17 5:34 AM, Da Pozzo Matteo wrote:
>
> Hi,
>
> I would like to know if there is any plan for development regarding 
> EDNS-Client-Subnet (like field extraction for Original-client-IP for 
> HTTP). I think that it could be useful for security purposes in 
> existing deployments in order to use DNS query content like XFF for HTTP.
>
> Please, let me know about your opinion.
>
> Thanks in advance,
>
>
> Best Regards.
>
> Matteo
>
>
>
> Matteo Da Pozzo
>
> Communication Valley
> Via Robert Koch, 1/4
> 20152 - Milano - ITALY
> phone: +39 02 535761
> mobile: +39 345 4954311
> m.dapozzo at ...3663... <mailto:m.dapozzo at ...3663...>
> www.reply.it
