Detecting DNS Fast Fluxing Domains

Fast Flux is a technique that hides and conceals the real identity of the attacker by circulating through different and ever changing number of IP addresses.

In this video walkthrough, we used Snort and Sguil installed in Security Onion to lay down a practical example on detecting DNS fast fluxing domains.

This video was part of the Cisco CyberOps Certificate.

Get Blue Team Notes

How to detect Malwares in your Network with Snort

How to detect Advanced persistent Threat

You will learn how to investigate the presence of an APT in your network using security onion and by correlating events and alerts through different frameworks. Network intrusion analysis and security operations.

How to use snort IDS and Sguil in Security Onion

About the Author

Mastermind Study Notes is a group of talented authors and writers who are experienced and well-versed across different fields. The group is led by, Motasem Hamdan, who is a Cybersecurity content creator and YouTuber.

View Articles