The Large DNS Packet Sources sensor looks for DNS requests that are larger than typical requests. Such packets may indicate tunneling attempts or data exfiltration.
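The following sketch shows the kind of check described above. It is an added example, not CA Network Flow Analysis code. It parses DNS payloads, ignores responses and malformed data, and counts oversized requests per source. The 150-byte threshold, the function names, and the sample packets are assumptions made for the illustration.

```python
import struct
from collections import Counter

# Assumed threshold in bytes; the page does not state the value the sensor uses.
LARGE_REQUEST_BYTES = 150

def build_query(qname, flags=0x0100, qtype=16):
    """Build a DNS message with one question (used only to construct sample data)."""
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in qname.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_request(payload):
    """Return (qname, payload_size) for a DNS request; None for responses or malformed data."""
    if len(payload) < 12:
        return None
    _, flags, qdcount, _, _, _ = struct.unpack("!HHHHHH", payload[:12])
    if flags & 0x8000 or qdcount < 1:  # QR bit set: a response, not a request
        return None
    labels, pos = [], 12
    while pos < len(payload):
        length = payload[pos]
        pos += 1
        if length == 0:  # root label ends the name; QTYPE and QCLASS must follow
            return (".".join(labels), len(payload)) if pos + 4 <= len(payload) else None
        if length > 63 or pos + length > len(payload):  # pointer or truncated label
            return None
        labels.append(payload[pos:pos + length].decode("ascii", "replace"))
        pos += length
    return None  # ran off the end without a terminating root label

def large_request_sources(packets, threshold=LARGE_REQUEST_BYTES):
    """Count oversized DNS requests per source IP, highest count first."""
    counts = Counter()
    for src, payload in packets:
        parsed = parse_request(payload)
        if parsed and parsed[1] > threshold:
            counts[src] += 1
    return counts.most_common()

# Constructed sample traffic: (source IP, DNS payload bytes).
LONG_NAME = ".".join(["a" * 60, "b" * 60, "c" * 60, "t.example.net"])
SAMPLE_PACKETS = [
    ("10.0.0.5", build_query("www.example.com", qtype=1)),
    ("10.0.0.9", build_query(LONG_NAME)),
    ("10.0.0.9", build_query(LONG_NAME)),
    ("10.0.0.7", build_query(LONG_NAME, flags=0x8180)),  # response: ignored
    ("10.0.0.8", b"\x00\x01"),                          # malformed: ignored
]
```

Calling `large_request_sources(SAMPLE_PACKETS)` returns only the source that sent oversized requests; the ordinary lookup, the response, and the malformed payload are not counted.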
Troubleshooting a Large DNS Packet Sources Alert
An alert from the Large DNS Packet Sources sensor may indicate data exfiltration activity. Data exfiltration is a network security violation in which a user discreetly attempts to send data from an internal network to an external location.
If you suspect data exfiltration, click the link for the offending host to investigate the suspected user by using a Flow Forensics report in CA Network Flow Analysis. For more information, see Built-in Workflows. You can also use other packet-inspection tools (such as CA GigaStor) to identify the data that was sent.
Copyright © 2013 CA.
All rights reserved.