[Bro] Bad DNS Detection

Azoff, Justin S jazoff at illinois.edu
Tue Mar 8 05:09:12 PST 2016


This script that I wrote a while ago may help:
It creates an external_dns.log file (which is just dns.log that has been pre-filtered for you) as well as raising notices when it detects clients using external dns servers.


--
- Justin Azoff

> On Mar 8, 2016, at 12:53 AM, Umut Arus <umuta at sabanciuniv.edu> wrote:
>
> Hi,
>
> I've been setting up the Bro IDS recently. I will listen to DNS traffic via a SPAN port, but I wonder: how can I detect malware and victim clients that use bad DNS in the network?
>
> thanks.
>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro

Attachment: external-dns.bro (application/octet-stream, 2738 bytes)
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20160308/cfef4ebc/attachment.obj
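As an added illustration of the approach Justin describes (a pre-filtered external_dns.log plus a notice when a local client talks to an outside resolver), the following is example Bro script code written for this page; it is not the attached external-dns.bro. It assumes Site::local_nets is populated and uses a constructed set of sanctioned internal resolvers.

```bro
@load base/frameworks/notice
@load base/protocols/dns

module ExternalDNS;

export {
    redef enum Log::ID += { LOG };

    redef enum Notice::Type += {
        ## A local client sent a DNS query to a resolver outside the network.
        External_Resolver
    };

    ## Constructed example values: the resolvers local clients are expected to use.
    const sanctioned_resolvers: set[addr] = { 10.0.0.53, 10.0.1.53 } &redef;

    ## Subset of DNS::Info columns, logged only for queries sent off-network.
    type Info: record {
        ts:    time    &log;
        uid:   string  &log;
        id:    conn_id &log;
        query: string  &log &optional;
    };
}

event bro_init()
    {
    Log::create_stream(ExternalDNS::LOG, [$columns=Info, $path="external_dns"]);
    }

# Fires once per completed DNS transaction, after dns.log has the record.
event DNS::log_dns(rec: DNS::Info)
    {
    # Only local clients matter, and a local or sanctioned resolver is fine.
    if ( ! Site::is_local_addr(rec$id$orig_h) )
        return;
    if ( Site::is_local_addr(rec$id$resp_h) || rec$id$resp_h in sanctioned_resolvers )
        return;

    local info: Info = [$ts=rec$ts, $uid=rec$uid, $id=rec$id];
    if ( rec?$query )
        info$query = rec$query;
    Log::write(ExternalDNS::LOG, info);

    NOTICE([$note=External_Resolver,
            $msg=fmt("%s sent a DNS query to external resolver %s", rec$id$orig_h, rec$id$resp_h),
            $id=rec$id,
            $identifier=cat(rec$id$orig_h, rec$id$resp_h),
            $suppress_for=1hr]);
    }
```

The $identifier/$suppress_for pair keeps a chatty client from generating one notice per query; the full detail still lands in external_dns.log.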

