Friday, August 17, 2012

Dr. J's Poor Man DNS Anomaly Detection using Bro

Dr. Johannes Ullrich of the SANS Internet Storm Center posted a great DNS Anomaly Detection script based on the query logs coming from his DNS server. We can do the same thing with Bro's dns.log (where Bro captures all the DNS queries it sees on the network):
http://code.google.com/p/security-onion/wiki/DNSAnomalyDetection

No comments:

Search This Blog

Featured Post

Security Onion 2.4.180 now available including new features, updated components, and quality of life improvements!

Security Onion 2.4.180 is now available and includes several new features, updated components, and many quality of life improvements! For Se...

Popular Posts

Blog Archive