Monitoring DNS traffic seems to have become pretty popular lately. Our security team just used the DNS traffic records shown in NetFlow to catch an infected MacBook on our network, and just yesterday we discovered an iPhone reaching out to a plethora of nonexistent domains.

This morning our malware incident response system triggered an event for suspected DNS “Command and Control” activity. Our security team jumped on it, and I thought what we learned while following up on the event was blog-worthy.