Re: Malicious-DNS

2019-02-18 Thread Sten Carlsen
Or do the combination: set up the fake server and use tcpdump or wireshark to capture all access. That should catch all ports and protocols.

On 18-02-2019 21.05, Kevin Darcy wrote:
> Another approach is to define a "fake" vitaminc.pro
> domain, point it at an internal webserve

Re: Malicious-DNS

2019-02-18 Thread Kevin Darcy
Another approach is to define a "fake" vitaminc.pro domain, point it at an internal webserver (assuming you have a spare, or can spin one up for the purpose), and see what clients are hitting it. Of course, that assumes the communication is web-based. If it's some other protocol(s), you'd need to

Re: Malicious-DNS

2019-02-18 Thread Tony Finch
MEjaz wrote:
>
> If I enabled the system performs will slow down?

Depends on how much load your servers are under and what their capacity is. An alternative to query logs, when you are searching for a known query name, is to use tcpdump. It's tedious and fiddly to convert the name to DNS wire

Malicious-DNS

2019-02-17 Thread MEjaz
Dear bind-users. Our NSC has from time to time been complaining about such malicious DNS requests for a few malicious domains, whereas my DNS servers are up to date (BIND 9.12.3-P1) and only our own network is allowed access. Complaint from NCSA, National Cyber Security Agency