This repository has been archived by the owner on May 23, 2019. It is now read-only.

PassiveDNS

Jump to bottom

Wes edited this page Jul 1, 2014 · 1 revision

Simple passive dns integration

Ubuntu

install the gamelinux passive dns sensor

$ sudo apt-get git build-essential libldns-dev libpcap-dev
$ git clone https://github.com/gamelinux/passivedns
$ cd passivedns/src && make
$ sudo make install
$ sudo passivedns -i eth0

test with the following CIF config

confidence = 95
tlp = green
tags = 'passive'

# https://github.com/gamelinux/passivedns
[gamelinux]
provider = localhost
remote = /var/log/passive.log
parser = delim
pattern = '^(\d+\.\d+)\|\|[\w\.]+\|\|[\w\.]+\|\|[\w\.]+\|\|([\w\.]+)\.\|\|[A-Z]\|\|([\w\.]+)\|\|'
values = 'firsttime,rdata,observable'
lasttime = <firsttime>

TODO

https://github.com/JustinAzoff/passive-dns