In today’s world of constant, ongoing cyber attacks, administrators are seeking new and innovative ways to analyze existing log data to learn what is normal behavior and uncover compromise. Until
I have been doing some experimentation in hopes of exporting and analyzing Microsoft AD DNS debug logs. The project goal is to export the relevant data to a Graylog analyzer
This morning I noticed a large number of the following DNS queries: Source: 23.245.180.16; Query: sunrisecx.com; Type: A. These queries were arriving at a constant rate of 5000 per minute
I don’t normally report on every DNS anomaly that I see but today I noticed that we are seeing massive amounts of DNS traffic directed at 193.47.85.126. More information regarding this