Detecting DNS Fast Fluxing Domains

Fast Flux is a technique that hides and conceals the real identity of the attacker by circulating through different and ever changing number of IP addresses.

In this video walkthrough, we used Snort and Sguil installed in Security Onion to lay down a practical example on detecting DNS fast fluxing domains.

This video was part of the Cisco CyberOps Certificate.

Get Blue Team Notes

How to detect Malwares in your Network with Snort

How to detect Advanced persistent Threat

You will learn how to investigate the presence of an APT in your network using security onion and by correlating events and alerts through different frameworks. Network intrusion analysis and security operations.

How to use snort IDS and Sguil in Security Onion

About the Author

I create cybersecurity notes, digital marketing notes and online courses. I also provide digital marketing consulting including but not limited to SEO, Google & Meta ads and CRM administration.

View Articles