Tag: dns

DNS traffic monitoring for malicious activity

DNS traffic on port 53, is not suspicious on itself. But we can conclude┬áthat only dns servers should communicate outside to different dns servers in a closed environment.In an open environment we will be looking for malicious dns url’s.Endpoint pc’s, users computers do not need to communicate directly with outside dns queries on port 53….