

Large DNS Packet Sources

The Large DNS Packet Sources sensor looks for DNS requests that are larger than usual. Such packets may indicate tunneling attempts or data exfiltration. Data exfiltration is a network security violation in which a user discreetly attempts to send data from an internal network to an external location.
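
The same check can be run on exported flow records by computing average bytes per packet for each source that sends traffic to port 53. The Python below is an added example, not the sensor's own logic or part of the product; the record layout, the sample flows, the 300-byte threshold, and the minimum packet count are assumptions to tune against your own baseline.

```python
# Added example: flag hosts whose DNS flows carry unusually large packets.
# Record layout, sample data, and thresholds are constructed assumptions.
import csv
import io
from collections import defaultdict

DNS_PORT = 53
AVG_BYTES_THRESHOLD = 300  # assumed cutoff in bytes per packet
MIN_PACKETS = 5            # skip sources with too few packets to judge

# Constructed sample flows: src,dst,proto,dst_port,packets,bytes
SAMPLE_FLOWS = """\
10.0.0.11,192.0.2.53,udp,53,40,3200
10.0.0.11,192.0.2.53,udp,53,12,1020
10.0.0.27,198.51.100.9,udp,53,60,31200
10.0.0.27,198.51.100.9,tcp,53,25,21000
10.0.0.35,192.0.2.53,udp,53,2,1400
10.0.0.27,203.0.113.80,tcp,443,900,1200000
"""

def large_dns_sources(flow_csv, threshold=AVG_BYTES_THRESHOLD,
                      min_packets=MIN_PACKETS):
    """Return [(src, avg_bytes_per_packet, packets)], largest average first."""
    totals = defaultdict(lambda: [0, 0])  # src -> [packets, bytes]
    for row in csv.reader(io.StringIO(flow_csv)):
        if not row:
            continue  # tolerate blank lines in the export
        src, _dst, _proto, dport, pkts, nbytes = row
        if int(dport) != DNS_PORT:
            continue  # only traffic sent toward a DNS server port
        totals[src][0] += int(pkts)
        totals[src][1] += int(nbytes)
    flagged = []
    for src, (pkts, nbytes) in totals.items():
        if pkts < min_packets:
            continue
        avg = nbytes / pkts
        if avg > threshold:
            flagged.append((src, round(avg, 1), pkts))
    return sorted(flagged, key=lambda r: r[1], reverse=True)

if __name__ == "__main__":
    for src, avg, pkts in large_dns_sources(SAMPLE_FLOWS):
        print(f"{src}: {avg} bytes/packet over {pkts} DNS packets")
```

Flow records carry only byte and packet counts, so a flagged source still needs packet-level inspection to see what the queries contained.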

Troubleshooting a Large DNS Packet Sources Alert

If you suspect data exfiltration, click the link for the offending host to investigate the suspected user by using a Flow Forensics report in the NFA console. You can also use other packet-inspection tools to identify the data that was sent.