[Bro] Bad DNS Detection

Umut Arus umuta at sabanciuniv.edu
Wed Mar 9 05:53:33 PST 2016


Hi James,

Maltrail is a wonderful tool and just what I'm looking for.

Thanks.

On Tue, Mar 8, 2016 at 3:57 PM, James Lay <jlay at slave-tothe-box.net> wrote:

> This will get you there:
>
> https://intel.criticalstack.com/
>
> Also, not Bro related, but it graphically shows what you're looking for:
>
> https://github.com/stamparm/maltrail
>
> James
>
> On Tue, 2016-03-08 at 15:18 +0200, Umut Arus wrote:
>
> Hi Justin,
>
> Thanks, but I need code or a configuration that queries the malware DNS/IP
> sources that clients are trying to connect to and raises notices.
>
> Or how do you identify malware-infected DDoS clients in your network with Bro?
>
> Thanks.
>
> On Tue, Mar 8, 2016 at 3:09 PM, Azoff, Justin S <jazoff at illinois.edu>
> wrote:
>
> This script that I wrote a while ago may help:
>
>
>
>
>
> It creates an external_dns.log file (which is just dns.log that has been
> pre-filtered for you) as well as raising notices when it detects clients
> using external DNS servers.
>
>
>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
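Justin's script itself did not survive the thread (its link was in the scrubbed HTML attachment), so below is an added Bro script, written for this page and not Justin's code, that does the two things he describes: it writes an external_dns.log that is dns.log pre-filtered to local clients talking to non-approved resolvers, and it raises a notice for each such client. The `allowed_resolvers` addresses are placeholders, and it assumes `Site::local_nets` is configured for your network.

```bro
# Added example, not the script from the thread: flag local clients that use
# DNS resolvers outside the approved set, in a log and as a notice.
@load base/utils/site
@load base/protocols/dns
@load base/frameworks/notice

module ExternalDNS;

export {
    redef enum Notice::Type += {
        ## A local host sent a DNS query to a resolver outside the approved set.
        External_Resolver
    };

    ## Resolvers clients are allowed to use. Placeholder addresses; set them
    ## for your site. Site::local_nets must also be populated.
    const allowed_resolvers: set[addr] = { 10.0.0.53, 10.0.1.53 } &redef;
}

function is_external_query(rec: DNS::Info): bool
{
    # Only queries originating from our networks matter, and only when the
    # responder is not one of the approved resolvers.
    return Site::is_local_addr(rec$id$orig_h) && rec$id$resp_h !in allowed_resolvers;
}

event bro_init()
{
    # external_dns.log: the same records as dns.log, filtered by the predicate.
    Log::add_filter(DNS::LOG, [$name="external-dns",
                               $path="external_dns",
                               $pred(rec: DNS::Info) = { return is_external_query(rec); }]);
}

event DNS::log_dns(rec: DNS::Info)
{
    if ( ! is_external_query(rec) )
        return;

    NOTICE([$note=External_Resolver,
            $msg=fmt("%s queried external resolver %s for %s",
                     rec$id$orig_h, rec$id$resp_h,
                     rec?$query ? rec$query : "<no query>"),
            $id=rec$id,
            # One notice per client/resolver pair per suppression interval.
            $identifier=cat(rec$id$orig_h, rec$id$resp_h)]);
}
```

Hosts that show up here repeatedly are the ones worth checking against the intel feeds James mentions, since malware that carries its own resolver list bypasses your internal DNS logs entirely.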

