[Oisf-users] Suricata IPS with named - Please suggest use case
Blason R
blason16 at gmail.com
Sat Dec 23 19:49:49 UTC 2017
Hi Guys,
Can someone please help me with this idea? I have a DNS server set up on
CentOS 7.4 which is acting as a sinkhole server, where I have installed the ELK
stack as well.
Since this named/bind is acting as a sinkhole, it is already blocking
known malicious domains collected from OSINT.
My idea here is: is it possible to integrate/install Suricata IPS on the
same server and monitor on eth0? And since that is a DNS server, can I block
the response IP addresses received which may be malicious?
For example:
www.looks-genuine.com = Domain may not be listed in the blacklist
15.16.1.18 ==> But the IP is malicious, hence either block it or alert on it
Plus detect advanced DNS attacks, like iodine or DNS beacon channel
queries?
Please suggest; can this be achieved?
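As an added illustration of the detection side of this question (not part of the original post or of Suricata's own code), the script below scans Suricata eve.json DNS events, flags answers whose rdata is in a blocklist even when the queried name is not, and applies simple tunnelling heuristics (over-long, high-entropy leftmost labels) of the kind iodine-style traffic produces. The sample events, the blocklist and the thresholds are constructed assumptions; the 15.16.1.18 address is the placeholder from the post, not a real indicator.

```python
import json
import math
from collections import Counter

# Constructed blocklist (placeholder address from the post, not a real indicator).
BAD_IPS = {"15.16.1.18"}

# Constructed eve.json lines in Suricata's DNS v2 layout, one JSON object per line.
SAMPLE_EVE = [
    '{"event_type":"dns","src_ip":"10.0.0.5","dns":{"type":"answer","rrname":"www.looks-genuine.com",'
    '"rrtype":"A","rcode":"NOERROR","answers":[{"rrname":"www.looks-genuine.com","rrtype":"A",'
    '"ttl":60,"rdata":"15.16.1.18"}]}}',
    '{"event_type":"dns","src_ip":"10.0.0.5","dns":{"type":"query",'
    '"rrname":"abcdefghijklmnopqrstuvwxyz234567abcdefghijklm.tunnel.example","rrtype":"TXT"}}',
    '{"event_type":"dns","src_ip":"10.0.0.7","dns":{"type":"query","rrname":"www.example.com","rrtype":"A"}}',
    '{"event_type":"flow","src_ip":"10.0.0.7"}',
]

def shannon_entropy(s):
    """Bits of entropy per character; encoded tunnel payloads score high, real hostnames low."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def analyse_dns_event(ev, bad_ips=BAD_IPS, max_label=40, entropy_threshold=3.8):
    """Return (kind, rrname, detail) findings for one eve.json 'dns' record."""
    findings = []
    dns = ev.get("dns", {})
    rrname = dns.get("rrname", "")
    # 1. Answer rdata pointing at a blocklisted IP, even though the domain itself is not listed.
    for ans in dns.get("answers", []):
        if ans.get("rrtype") in ("A", "AAAA") and ans.get("rdata") in bad_ips:
            findings.append(("bad_answer_ip", rrname, ans["rdata"]))
    # 2. Tunnelling heuristics on queries: the leftmost label carries the encoded payload.
    if dns.get("type") == "query" and rrname:
        first = rrname.split(".")[0].lower()
        if len(first) > max_label:
            findings.append(("long_label", rrname, len(first)))
        if shannon_entropy(first) > entropy_threshold:
            findings.append(("high_entropy_label", rrname, round(shannon_entropy(first), 2)))
    return findings

def scan(lines):
    """Scan eve.json lines, ignoring non-DNS event types."""
    out = []
    for line in lines:
        ev = json.loads(line)
        if ev.get("event_type") == "dns":
            out.extend(analyse_dns_event(ev))
    return out
```

In production the same logic fits naturally as a Logstash filter or Kibana watcher over the eve.json that Suricata already ships to the ELK stack on the sinkhole host.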