[dns-operations] dnsflow again (Re: DNS Traffic Archive Protocol)

Jason Chambers jchambers at ucla.edu
Thu Dec 9 01:39:15 UTC 2010

On 12/8/10 5:30 PM, Jason Chambers wrote:
> For those who are not familiar with SiLK, please take a look at it for
> influence because a lot of what has been said is very similar to the
> SiLK toolset and a review might save hours or days of brainstorming.
> [1] http://tools.netsa.cert.org/silk/faq.html#what-silk
> [2] http://tools.netsa.cert.org/silk/rwuniq.html
> [3] http://tools.netsa.cert.org/silk/rwcut.html

Sorry to reply to my own post but I forgot to highlight another
influential part of the toolset; the bags, sets, and pmap operations
which are very useful counting and matching multiple variables.
Continuously matching against tens of thousands of suspicious domains
seems to be the norm now.

HTH in some way.



More information about the dns-operations mailing list