
 SecOpsHostDNSBasedCovertChannelIpv6Record

Detects whether a AAAA (IPv6) DNS response contains an announced IP address. If the response contains a non-announced IPv6 address, it may indicate a covert-channel communication attempt.

Source table → network.dns

 SecOpsTooLongDNSResponse

Monitors TXT and ANY responses to detect infiltration or possible reflection attacks.

Source table → network.dns
