In the class “FOR558: Network Forensics” (SANS London 2012) we got a sample PCAP of custom DNS tunneling in action.
Because I wanted to keep learning Python and dig deeper into network protocols, I decided to write a Python script to analyse this custom DNS tunneling.
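As an added example (not the script from the original post, whose custom tunnel format is not described here), the kind of first triage pass such a script can run over the DNS payloads pulled from a PCAP: parse each question name, strip the registered zone (assumed here to be the last two labels), and score the remaining labels by length and Shannon entropy; the thresholds and the sample queries are constructed for illustration.

```python
import math
from collections import Counter, defaultdict

DNS_HEADER_LEN = 12  # ID, flags, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT

def parse_qname(dns_payload: bytes) -> str:
    """Return the question name of a raw DNS message (DNS payload only, no IP/UDP).
    Question names are sent uncompressed, so a compression pointer is rejected."""
    pos, labels = DNS_HEADER_LEN, []
    while dns_payload[pos] != 0:
        length = dns_payload[pos]
        if length & 0xC0:
            raise ValueError("compression pointer in question name")
        labels.append(dns_payload[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels)

def build_query(name: str, qtype: int = 16) -> bytes:
    """Constructed test input: header (ID 0x1234, RD set, QDCOUNT=1) plus one question (class IN)."""
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"
    return b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00" + qname + qtype.to_bytes(2, "big") + b"\x00\x01"

def shannon_entropy(s: str) -> float:
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0

def tunnel_score(qname: str, zone_labels: int = 2) -> dict:
    """Score one name by the data carried in the labels below the registered zone.
    Thresholds (30 chars, 3.5 bits/char) are assumed starting points, not tuned values."""
    labels = qname.split(".")
    payload = "".join(labels[:-zone_labels])
    ent = shannon_entropy(payload)
    return {"zone": ".".join(labels[-zone_labels:]), "payload_len": len(payload),
            "entropy": round(ent, 2), "suspicious": len(payload) >= 30 and ent > 3.5}

def flag_zones(dns_payloads, min_hits: int = 3) -> dict:
    """Zones with at least min_hits distinct suspicious names: {zone: distinct-name count}."""
    hits = defaultdict(set)
    for payload in dns_payloads:
        qname = parse_qname(payload)
        score = tunnel_score(qname)
        if score["suspicious"]:
            hits[score["zone"]].add(qname)
    return {zone: len(names) for zone, names in hits.items() if len(names) >= min_hits}

# Constructed sample traffic: three ordinary A lookups and four TXT queries carrying 32 hex chars each.
SAMPLE = [build_query(n, 1) for n in ("www.example.com", "mail.example.com", "cdn.example.net")] + [
    build_query(f"{chunk}.example.org") for chunk in (
        "0123456789abcdef0123456789abcdef", "fedcba9876543210fedcba9876543210",
        "02468ace13579bdf02468ace13579bdf", "fdb97531eca86420fdb97531eca86420")]

if __name__ == "__main__":
    for payload in SAMPLE:
        print(parse_qname(payload), tunnel_score(parse_qname(payload)))
    print(flag_zones(SAMPLE))  # {'example.org': 4}
```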
Summary / Review
The paper “Building an Early Warning System” by Securosis starts by detailing the typical situation: you can’t get ahead of the threat, because security is inherently reactive. You have to use tools to stay as close to the threat as possible, and an Early Warning System can be one of those tools.
“A good hockey player plays where the puck is. A great hockey player plays where the puck is going to be.” – Wayne Gretzky