[dns-operations] dnsflow again (Re: DNS Traffic Archive Protocol)
Jason Chambers
jchambers at ucla.edu
Thu Dec 9 01:39:15 UTC 2010
On 12/8/10 5:30 PM, Jason Chambers wrote:
>
> For those who are not familiar with SiLK, please take a look at it for
> influence because a lot of what has been said is very similar to the
> SiLK toolset and a review might save hours or days of brainstorming.
>
> [1] http://tools.netsa.cert.org/silk/faq.html#what-silk
> [2] http://tools.netsa.cert.org/silk/rwuniq.html
> [3] http://tools.netsa.cert.org/silk/rwcut.html
>
Sorry to reply to my own post but I forgot to highlight another
influential part of the toolset; the bags, sets, and pmap operations
which are very useful for counting and matching multiple variables.
Continuously matching against tens of thousands of suspicious domains
seems to be the norm now.
HTH in some way.
Regards,
--Jason