Dnsrecon detection

KmT · February 22, 2023, 6:59am

Hi all,
I’m trying to create a detection for the dnsrecon using the following command.

dnsrecon -d sampledomain
I have been trying to find out common content in the query and response packets captured through wireshark but no luck until now.
Can anyone suggest any leads on what to do in this case?
Any leads would be appreciated.

Andreas_Herz · February 27, 2023, 7:16pm

So you run this tool, but what do you want to actually do afterwards?
Do you capture the traffic generated and if so, how?

Topic		Replies	Views
Detecting DNS lookup and follow on connections Help	3	995	May 19, 2021
Detection of class C IP range in DNS response Rules	5	716	April 13, 2022
Rules with http.host keyword and DNS resolution? Rules	2	626	March 21, 2023
DNS Lookup of detected IPs Help	3	2375	May 18, 2020
Filter dns query by wildcard rather then by ip address Help rules	5	874	May 8, 2023

Dnsrecon detection

Related topics