Hi, I'm setting up bro IDS recently. I will listen DNS traffic by span port but I wonder, how can I detect malwares and victim clients that is used bad DNS in network? thanks. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20160308/993dfa22/attachment.html