Packet Tuesday - Most Frequent DNS Query ID

Channel:
United States SANS Cyber Defense
Subscribers:
23,600
Published on ● Video Link: https://www.youtube.com/watch?v=QgCuE_zKyMY


Duration: 27:35
1,054 views
36

In this episode I will search for the most frequent DNS query id, and investigate which queries are associated with them, exploring "DNS Notify" requests.

Notes:
SEC503 Network Monitoring and Threat Detection In-Depth: https://www.sans.org/u/1obN

RFCs:
RFC 1035: DNS https://www.ietf.org/rfc/rfc1035.txt
RFC 1996: DNS Notify https://datatracker.ietf.org/doc/html/rfc1996

Packet Capture: https://packettuesday.com/pcaps/dnsnotify.pcap



Other Videos By SANS Cyber Defense


2023-05-31Join us for the SANS Blue Team Summit 2023 - June 12-13!
2023-05-30Why YOU Should Attend SANS Blue Team Summit 2023
2023-05-29Strategy 4: Hire AND Grow Quality Staff | SANS Blueprint Podcast
2023-05-22Strategy 3: Build a SOC Structure to Match Your Organizational Needs | SANS Blueprint Podcast
2023-05-17Tactical Tripwires
2023-05-15Strategy 2: Give the SOC the Authority to Do Its Job | SANS Blueprint Podcast
2023-05-11What You Will Learn in SEC406: Linux Security for InfoSec Professionals
2023-05-08Strategy 1: Know What You Are Protecting and Why | SANS Blueprint Podcast
2023-05-08Fundamentals: 11 Strategies of a World-Class SOC | SANS Blueprint Podcast Season 4 Intro
2023-04-06The New OSINT Cheat Code: ChatGPT
2023-02-07Packet Tuesday - Most Frequent DNS Query ID
2023-01-31Packet Tuesday - Large ICMP Errors
2023-01-26AI, Data Science, and Machine Learning Training for Cybersecurity Professionals with SANS SEC595
2023-01-24Packet Tuesday - IPv6 Neighbor Discovery
2023-01-17Packet Tuesday - IPv6 Router Advertisements
2023-01-11Network Monitoring Training with SEC503 Network Monitoring and Threat Detection In-Depth
2023-01-10Packet Tuesday - NTP
2023-01-03Packet Tuesday - IP Options
2022-12-20Packet Tuesday - TLS Server Hello
2022-12-13Packet Tuesday - FreeBSD Ping Vulnerability
2022-12-08Baby Steps to the Future: Evolving into the Next-Gen SOC


Tags:
cyber defense
cyber defenders
dns query
dns query id
threat detection
network monitoring
dns
network traffic monitoring
traffic monitoring
dns monitoring
sans sec503
sec503 network monitoring and threat detection in-depth
network monitoring training
threat detection training
threat detection training course
network monitoring training course
network monitoring course
threat detection course