Using Splunk to Detect DNS Tunneling

DNS tunneling is a method to bypass security controls and exfiltrate data from a targeted organization. Choose any endpoint on your organization's network and, using nslookup, perform an A record lookup for www.sans.org. If it resolves with the site's IP address, that endpoint is susceptible to DNS...
By Steve Jaworski
June 1, 2016

All papers are copyrighted. No re-posting of papers is permitted.
