[Bro] Bad DNS Detection
umuta at sabanciuniv.edu
Tue Mar 8 05:18:49 PST 2016
Thanks, but I need code or a configuration that queries the malware DNS/IP
sources being connected to and raises notices.
Or how do you identify malware-infected DDoS clients in your network with Bro?
On Tue, Mar 8, 2016 at 3:09 PM, Azoff, Justin S <jazoff at illinois.edu> wrote:
> This script that I wrote a while ago may help:
> It creates an external_dns.log file (which is just dns.log that has been
> pre-filtered for you) as well as raising notices when it detects clients
> using external dns servers.
> - Justin Azoff
> > On Mar 8, 2016, at 12:53 AM, Umut Arus <umuta at sabanciuniv.edu> wrote:
> > Hi,
> > I have recently been setting up Bro IDS. I will listen to DNS traffic via a
> > SPAN port, but I wonder: how can I detect malware and victim clients that
> > use bad DNS in the network?
> > thanks.
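Added example, not part of the thread and not Justin Azoff's script: a Python sketch of the check his reply describes, run offline over Bro's tab-separated dns.log to list local clients that send DNS queries to resolvers outside an approved set. The networks, resolver addresses and log lines are constructed assumptions, and the sample log is reduced to five fields.

```python
import ipaddress
from collections import defaultdict

# Assumptions (constructed, not from the thread): site networks and approved resolvers.
LOCAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
APPROVED_RESOLVERS = {"10.0.0.53", "10.0.0.54"}

# Constructed sample in Bro's tab-separated log format, reduced to five fields.
SAMPLE_DNS_LOG = "\n".join([
    "#separator \\x09",
    "#fields\tts\tid.orig_h\tid.resp_h\tid.resp_p\tquery",
    "1457442000.1\t10.1.2.3\t10.0.0.53\t53\twww.example.com",
    "1457442001.2\t10.1.2.4\t198.51.100.7\t53\tupdate.example.net",
    "1457442002.3\t10.1.2.4\t198.51.100.7\t53\t-",
    "1457442003.4\t10.0.0.53\t203.0.113.9\t53\twww.example.com",
    "1457442004.5\t10.1.2.5\t203.0.113.9\t53\tcdn.example.org",
    "#close\t2016-03-08-05-00-00",
])

def is_local(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LOCAL_NETS)

def external_dns_clients(log_text):
    """Map each local client to the non-approved resolvers it queried."""
    fields = None
    hits = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        if line.startswith("#fields"):
            # Column names come from the header, so extra columns are harmless.
            fields = line.split("\t")[1:]
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        rec = dict(zip(fields, line.split("\t")))
        client, server = rec["id.orig_h"], rec["id.resp_h"]
        # Approved resolvers recurse to outside servers themselves; skip them.
        if client in APPROVED_RESOLVERS or not is_local(client):
            continue
        if server in APPROVED_RESOLVERS:
            continue
        names = hits[client][server]   # records the pair even with no query name
        if rec["query"] != "-":        # Bro writes "-" for an unset field
            names.add(rec["query"])
    return {c: {s: sorted(q) for s, q in srv.items()} for c, srv in hits.items()}

if __name__ == "__main__":
    for client, servers in external_dns_clients(SAMPLE_DNS_LOG).items():
        print(client, servers)
```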