Closed defensivedepth closed 6 months ago
bump :)
I believe the project wanted to move these feature requests to discussions per this post.
I for one would love to see this added to opencanary.
Ah ok.
Well, I already have this module working locally, so at this point it's more about would the project accept a PR for this functionality?
Hi @defensivedepth,
Im so sorry about the delay. Please please please submit a PR so I can fight for it to be included. It looks great and any indication of badness sounds like a great idea.
Would the project accept a PR for support for a canary LLMNR service?
[-] MiniLLMNR starting on 5355
[-] Starting protocol <opencanary.modules.llmnr.MiniLLMNR object at 0x7fd1d66c89d0>
[stdout#info] Sent 1 packets.
[stdout#info] Received LLMNR response for known query
{"dst_host": "", "dst_port": -1, "level": "warning", "local_time": "2023-12-29 14:32:11.722335", "local_time_adjusted": "2023-12-29 14:32:11.722349", "logdata": "Suspicious LLMNR activity detected. Query: fileserver02, Source IP: 192.168.16.24", "logtype": null, "node_id": "opencanary-1", "src_host": "", "src_port": -1, "utc_time": "2023-12-29 14:32:11.722345"}
{"dst_host": "0.0.0.0", "dst_port": 5355, "local_time": "2023-12-29 14:32:11.722551", "local_time_adjusted": "2023-12-29 14:32:11.722565", "logdata": {"RESPONSE": "DNS Ans \"192.168.16.24\" ", "SOURCE_IP": "192.168.16.24"}, "logtype": null, "node_id": "opencanary-1", "src_host": "192.168.16.24", "src_port": 5355, "utc_time": "2023-12-29 14:32:11.722561"}`
Responder: