Detecting DNS Fast Fluxing Domains

Fast Flux is a technique that hides and conceals the real identity of the attacker by circulating through different and ever changing number of IP addresses.

In this video walkthrough, we used Snort and Sguil installed in Security Onion to lay down a practical example on detecting DNS fast fluxing domains.

This video was part of the Cisco CyberOps Certificate.

How to detect Malwares in your Network with Snort

How to detect Advanced persistent Threat

You will learn how to investigate the presence of an APT in your network using security onion and by correlating events and alerts through different frameworks. Network intrusion analysis and security operations.

How to use snort IDS and Sguil in Security Onion
About the Author

Cybersecurity Trainer MS in Cybersecurity Expertise in Healthcare and Finance Industries Penetration tester and compliance auditor

View Articles