Detection and Prevention of DNS Anomalies

by Irfan Shakeel
Oct. 7, 2017, INFOSEC Institute, Detection & Response

Malware and botnets have been a threat to systems and networks for several years. The usual methods, detecting a virus with a local virus scanner or detecting its spread with an intrusion detection system (IDS), will not mitigate the complete threat. The characteristics of traffic could be used to detect different threats. Most Internet communication starts with one or more Domain Name System (DNS) lookups.

DNS (Domain Name System)

The DNS delegates the responsibility of conveying domain names and mapping those names to Internet resources by designating authoritative name servers for each domain. The mapping is done by hostname, IP address, text records, mail exchange information, nameserver information and key information. DNS is composed of a hierarchical domain name space that contains a tree-like data structure of linked domain names (nodes).
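The tree structure of the name space can itself serve as a traffic characteristic. The following Python code is an added example, not part of the original article: it builds the name tree from a constructed list of queried names and counts how many distinct names were queried beneath each two-label domain. The sample names, the two-label depth (no public suffix list is consulted) and the threshold of 5 are assumptions chosen for illustration.

```python
# Constructed sample of queried names (reserved example domains, not real traffic).
SAMPLE_QUERIES = [
    "www.example.com", "mail.example.com", "www.example.com", "example.com",
    "ns1.example.org",
] + [f"{label}.example.net" for label in
     ("q7f3k2", "z9x1c8", "m4n6b0", "t5r2e1", "p8o3i7", "k1j9h4")]


class Node:
    """One label in the DNS name space; children are the labels to its left."""
    def __init__(self):
        self.children = {}
        self.hits = 0  # queries whose full name ends exactly at this node


def build_tree(names):
    """Insert each name label by label, starting from the root (rightmost label first)."""
    root = Node()
    for name in names:
        node = root
        for label in reversed(name.lower().rstrip(".").split(".")):
            node = node.children.setdefault(label, Node())
        node.hits += 1
    return root


def queried_below(node):
    """Number of distinct queried names strictly beneath this node."""
    return sum((1 if c.hits else 0) + queried_below(c) for c in node.children.values())


def fanout(root, depth=2):
    """Map each domain with `depth` labels to the distinct names queried beneath it."""
    out = {}

    def walk(node, labels):
        if len(labels) == depth:
            out[".".join(reversed(labels))] = queried_below(node)
            return
        for label, child in node.children.items():
            walk(child, labels + [label])

    walk(root, [])
    return out


def flag(root, threshold=5):
    """Domains whose subtree holds at least `threshold` distinct queried names (assumed cutoff)."""
    return sorted(d for d, n in fanout(root).items() if n >= threshold)
```

A domain with many distinct one-off names beneath it is a candidate for closer review, not a verdict; content delivery networks and similar services produce the same shape.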