LLMNR Support? #335
Replies: 5 comments 1 reply
-
|
I believe the project wanted to move these feature requests to discussions per this post. I for one would love to see this added to opencanary. |
Beta Was this translation helpful? Give feedback.
-
|
Ah ok. Well, I already have this module working locally, so at this point it's more about would the project accept a PR for this functionality? |
Beta Was this translation helpful? Give feedback.
-
|
Hi @defensivedepth, Im so sorry about the delay. Please please please submit a PR so I can fight for it to be included. It looks great and any indication of badness sounds like a great idea. |
Beta Was this translation helpful? Give feedback.
-
|
no problem! I will get some things cleaned up and get it submitted! |
Beta Was this translation helpful? Give feedback.
-
|
PR is up! |
Beta Was this translation helpful? Give feedback.
-
Would the project accept a PR for support for a canary LLMNR service?
[-] MiniLLMNR starting on 5355[-] Starting protocol <opencanary.modules.llmnr.MiniLLMNR object at 0x7fd1d66c89d0>[stdout#info] Sent 1 packets.[stdout#info] Received LLMNR response for known query{"dst_host": "", "dst_port": -1, "level": "warning", "local_time": "2023-12-29 14:32:11.722335", "local_time_adjusted": "2023-12-29 14:32:11.722349", "logdata": "Suspicious LLMNR activity detected. Query: fileserver02, Source IP: 192.168.16.24", "logtype": null, "node_id": "opencanary-1", "src_host": "", "src_port": -1, "utc_time": "2023-12-29 14:32:11.722345"}
{"dst_host": "0.0.0.0", "dst_port": 5355, "local_time": "2023-12-29 14:32:11.722551", "local_time_adjusted": "2023-12-29 14:32:11.722565", "logdata": {"RESPONSE": "DNS Ans "192.168.16.24" ", "SOURCE_IP": "192.168.16.24"}, "logtype": null, "node_id": "opencanary-1", "src_host": "192.168.16.24", "src_port": 5355, "utc_time": "2023-12-29 14:32:11.722561"}`
Responder:
Beta Was this translation helpful? Give feedback.
All reactions