Dark Reading is part of the Informa Tech Division of Informa PLC

Comments
Monitor DNS Traffic & You Just Might Catch A RAT
Randy Naramore,
User Rank: Ninja
6/16/2014 | 3:21:34 PM
Re: Know Your Enemy
Very interesting post. DNS is the key to discovering your network. If hackers can get to the DNS servers and perform a transfer, then you are had. This is the reason DNS is not allowed in controlled environments such as DMZs. The specific tool set you mentioned (Kali Linux) is a good one indeed.
Robert McDougal,
User Rank: Ninja
6/13/2014 | 4:09:26 PM
Re: Know Your Enemy
Very good points, Christian! I would like to add that Nagios provides a plugin for DNS monitoring as well.
RetiredUser,
User Rank: Ninja
6/12/2014 | 1:00:52 PM
Know Your Enemy
I try not to name specific tools unless I'm doing an analysis, but for enterprise-level network monitoring I rather prefer the OpenNMS network management application platform and Nagios IT monitoring with its solid DNS monitoring solution. But I have to say to all network engineers: also grab a copy of a penetration testing distribution like Kali Linux and understand what cyber criminals are looking for, how they search for it, and what the raw data and DNS traffic look like. With highly configurable DNS monitoring tools, you can start tailoring the monitoring to specific types of traffic (if the tool isn't already; Nagios is pretty hefty in that regard) based upon your research. With tips like the ones in this article, some first-hand experience and solid tools, you will maintain a more secure network environment.
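
As an added worked example (not code from the article, from either commenter, or from Nagios, OpenNMS or Kali), the following Python script applies both points raised in this thread to a DNS query log: it flags zone-transfer (AXFR/IXFR) requests from hosts that are not the configured secondaries, the scenario in Randy Naramore's comment, and it computes the per-domain statistics that "tailoring the monitoring to specific types of traffic" means in practice for a RAT using DNS as its channel (many unique, long, high-entropy subdomains and TXT-heavy queries), RetiredUser's point. The log format and every line in `SAMPLE_LOG` are constructed for this example to approximate a BIND-style query log; the "last two labels" domain split and all thresholds are illustrative assumptions.

```python
"""Two DNS-log checks, written for this example (not Dark Reading's, the
commenters', or Nagios/OpenNMS/Kali code): unauthorized zone transfers and
per-domain tunnelling statistics.  SAMPLE_LOG and its format are constructed
to approximate a BIND query log; the two-label domain split is an assumption."""
import math
import re
from collections import defaultdict

LINE_RE = re.compile(
    r"client (?P<src>[0-9.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>[A-Z]+)")

# Constructed sample: normal lookups, a CDN with many short hostnames, a
# TXT-heavy domain with random-looking 32-character labels, and two AXFRs.
SAMPLE_LOG = """\
client 10.0.0.5#40123: query: www.example.com IN A + (10.0.0.1)
client 10.0.0.5#40124: query: mail.example.com IN MX + (10.0.0.1)
client 10.0.0.6#40125: query: www.example.com IN AAAA + (10.0.0.1)
client 10.0.0.6#40126: query: example.com IN NS + (10.0.0.1)
client 10.0.0.8#51000: query: static1.cdn-host.net IN A + (10.0.0.1)
client 10.0.0.8#51001: query: static2.cdn-host.net IN A + (10.0.0.1)
client 10.0.0.8#51002: query: static3.cdn-host.net IN A + (10.0.0.1)
client 10.0.0.8#51003: query: static4.cdn-host.net IN A + (10.0.0.1)
client 10.0.0.8#51004: query: static5.cdn-host.net IN A + (10.0.0.1)
client 10.0.0.7#50001: query: 0f1e2d3c4b5a69788796a5b4c3d2e1f0.c2-update.net IN TXT + (10.0.0.1)
client 10.0.0.7#50002: query: a5b4c3d2e1f00f1e2d3c4b5a69788796.c2-update.net IN TXT + (10.0.0.1)
client 10.0.0.7#50003: query: 69788796a5b4c3d2e1f00f1e2d3c4b5a.c2-update.net IN TXT + (10.0.0.1)
client 10.0.0.7#50004: query: 1e2d3c4b5a69788796a5b4c3d2e1f00f.c2-update.net IN TXT + (10.0.0.1)
client 10.0.0.7#50005: query: 8796a5b4c3d2e1f00f1e2d3c4b5a6978.c2-update.net IN TXT + (10.0.0.1)
client 10.0.0.2#33334: query: example.com IN AXFR - (10.0.0.1)
client 203.0.113.9#33333: query: example.com IN AXFR - (10.0.0.1)
"""


def parse_log(text):
    """Return (src_ip, qname, qtype) for every line matching LINE_RE."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            out.append((m["src"], m["qname"].rstrip(".").lower(), m["qtype"]))
    return out


def registered_domain(qname):
    """Naive split (assumption): last two labels are the domain, rest is subdomain."""
    labels = qname.split(".")
    return ".".join(labels[-2:]), ".".join(labels[:-2])


def shannon_entropy(s):
    """Bits per character; random/encoded labels score well above plain words."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())


def unauthorized_transfers(records, allowed_secondaries):
    """Zone-transfer requests from any source that is not a listed secondary."""
    return sorted({(src, qname) for src, qname, qtype in records
                   if qtype in ("AXFR", "IXFR") and src not in allowed_secondaries})


def domain_stats(records):
    """Per domain: query count, unique-subdomain ratio, mean label entropy and
    length, and the share of TXT/NULL queries (the record types tunnels favour)."""
    per = defaultdict(lambda: {"queries": 0, "subs": set(), "txt": 0, "ent": 0.0, "len": 0})
    for _src, qname, qtype in records:
        if qtype in ("AXFR", "IXFR"):
            continue  # transfers are handled by unauthorized_transfers()
        dom, sub = registered_domain(qname)
        flat = sub.replace(".", "")
        st = per[dom]
        st["queries"] += 1
        st["subs"].add(sub)
        st["txt"] += qtype in ("TXT", "NULL")
        st["ent"] += shannon_entropy(flat)
        st["len"] += len(flat)
    return {dom: {"queries": s["queries"],
                  "unique_ratio": len(s["subs"]) / s["queries"],
                  "mean_entropy": s["ent"] / s["queries"],
                  "mean_sub_len": s["len"] / s["queries"],
                  "txt_ratio": s["txt"] / s["queries"]}
            for dom, s in per.items()}


def tunneling_candidates(stats, min_queries=5, min_unique=0.8,
                         min_entropy=3.5, min_len=30, min_txt=0.5):
    """Flag domains with enough distinct subdomains to matter and at least one
    tunnel-like trait.  Thresholds are illustrative; baseline them per network."""
    flagged = {}
    for dom, s in stats.items():
        if s["queries"] < min_queries or s["unique_ratio"] < min_unique:
            continue
        reasons = [name for name, hit in (
            ("high-entropy labels", s["mean_entropy"] >= min_entropy),
            ("long subdomains", s["mean_sub_len"] >= min_len),
            ("TXT/NULL-heavy", s["txt_ratio"] >= min_txt)) if hit]
        if reasons:
            flagged[dom] = reasons
    return flagged


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("unauthorized transfers:", unauthorized_transfers(recs, {"10.0.0.2"}))
    print("tunnel candidates:", tunneling_candidates(domain_stats(recs)))
```

On the sample, only `203.0.113.9` is reported for the transfer check (the secondary `10.0.0.2` is allowed), and only `c2-update.net` is flagged as a tunnel candidate; `cdn-host.net` has just as many unique hostnames but short, low-entropy labels and A records, which is why the unique-subdomain ratio alone is not a usable signal. The detection complements rather than replaces the preventive control: on BIND the transfer restriction is `allow-transfer { ...; };` in named.conf, and the log check tells you who is probing it anyway.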