Skip to content
/ anomalous-dns Public
forked from jbaggs/anomalous-dns

A set of zeek scripts providing a module for tracking and correlating abnormal DNS behavior.

License

BSD-2-Clause license
0 stars 6 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

sensorfleet/anomalous-dns

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

27 Commits
CHANGES.rst
CHANGES.rst
 
 
LICENSE
LICENSE
 
 
README.rst
README.rst
 
 
__load__.zeek
__load__.zeek
 
 
an-dns-connection.zeek
an-dns-connection.zeek
 
 
an-dns-domain.zeek
an-dns-domain.zeek
 
 
an-dns-oversized.zeek
an-dns-oversized.zeek
 
 
an-dns-query_type.zeek
an-dns-query_type.zeek
 
 
domain-whitelist.zeek
domain-whitelist.zeek
 
 
main.zeek
main.zeek
 
 
zkg.meta
zkg.meta
 
 

Repository files navigation

Anomalous-DNS

A set of zeek scripts providing a module for tracking and correlating abnormal DNS behavior. Detection of tunneling and C&C through connection duration and volume, request and answer size, DNS request type, and unique queries per domain.

Requirements

domain-tld: https://github.com/sethhall/domain-tld (automatically installed with package)

Installation

zkg install sensorfleet/anomalous-dns

Documentation

Current documentation consists of inline comments.

This version has the following changes over jbaggs version:
  • support for more aggressive whitelisting: you can whitelist IPs to fully disable all DNS anomaly tracking.

About

A set of zeek scripts providing a module for tracking and correlating abnormal DNS behavior.

Resources

Readme

License

BSD-2-Clause license
Activity
Custom properties

Stars

0 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

4 tags

Packages

 
 
 

Languages

  • Zeek 100.0%