Copyright © 2016 Terilogy Co., Ltd. All Rights Reserved.

momentum dns viewer introduction


DNS Reporting and Traffic Monitoring System

The momentum DNS viewer was developed to monitor DNS traffic. Criminals will exploit any Internet service or protocol when given the opportunity, and this includes the DNS. They inject crafted responses to poison resolver caches or amplify DNS denial-of-service attacks. They even use DNS as a covert channel for data exfiltration or malware updates. Recently, DNS DDoS and Slow Drip attacks have become larger in scale and more sophisticated. Because DNS query composition and traffic patterns offer signs of suspicious activity, a DNS traffic monitoring solution is important for inspecting abnormal DNS behavior.

Product Overview

The momentum traffic collector performs high-performance packet capture, indexing the data and generating statistics while capturing. The momentum DNS viewer works with the momentum traffic collector to monitor DNS traffic and visualize traffic trends.

How the momentum DNS viewer approaches monitoring:

- Capture all data transferred on the infrastructure, using our own technologies to create indices and statistics in real time.

- Visualize the DNS traffic trends.

- Download specific PCAP files for your analysis if needed.

- Perform exploratory data analysis with DNS statistics and raw data.

- Complete raw data can be provided to find or understand unknown attacks.

- Use the raw data with specialized tools to visualize and analyze the pcap in depth.

Key Benefits and Features

The momentum DNS viewer's capability is independent of any specific DNS software vendor.

The momentum DNS viewer is designed to capture DNS traffic and create DNS reports. It monitors DNS traffic passively and is vendor agnostic.


Data indexing for DNS traffic

The momentum DNS viewer supports downloading raw packet data from reports.

The momentum DNS viewer saves all the traffic data, and the raw data is easily downloaded from the DNS viewer menu. This feature improves the time to resolution by helping to identify the root cause.

Download the pcap


Supports listing NXDomain with an arbitrary level of subdomains.

The momentum DNS viewer can list NXDomain with an arbitrary level of subdomains; this is used to find randomized sub-domain attacks.

NXDomain with arbitrary level of subdomains
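
The idea behind listing NXDomain at a chosen subdomain level, as an added example that is not Terilogy's code or part of the product: group NXDOMAIN answers by their last `level` labels and count the distinct names under each suffix, since a randomized sub-domain attack shows up as many unique non-existent names under one parent. The record format, function names and sample data are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample: (query name, response code) pairs as a DNS capture might yield.
SAMPLE = [
    ("qx7f2a.example.com.", "NXDOMAIN"),
    ("m91kzt.example.com.", "NXDOMAIN"),
    ("Zp04bd.Example.com.", "NXDOMAIN"),   # same zone, different case
    ("m91kzt.example.com.", "NXDOMAIN"),   # repeated query, counted once
    ("r5.cdn.example.com.", "NXDOMAIN"),
    ("k2.cdn.example.com.", "NXDOMAIN"),
    ("www.example.com.", "NOERROR"),       # successful answers are ignored
    ("typo.example.net.", "NXDOMAIN"),
    ("example.org.", "NXDOMAIN"),          # no label below the level-2 suffix
]

def normalize(qname):
    """DNS names are case-insensitive; drop the trailing root dot."""
    return qname.rstrip(".").lower()

def suffix(qname, level):
    """Last `level` labels of qname, or None if nothing sits below them."""
    labels = normalize(qname).split(".")
    if len(labels) <= level:
        return None
    return ".".join(labels[-level:])

def nxdomain_by_suffix(records, level):
    """Map each suffix to the set of distinct NXDOMAIN names below it."""
    seen = defaultdict(set)
    for qname, rcode in records:
        if rcode != "NXDOMAIN":
            continue
        key = suffix(qname, level)
        if key is not None:
            seen[key].add(normalize(qname))
    return seen

def suspects(records, level, min_unique):
    """Suffixes with at least min_unique distinct NXDOMAIN names, worst first."""
    groups = nxdomain_by_suffix(records, level)
    hits = [(k, len(v)) for k, v in groups.items() if len(v) >= min_unique]
    return sorted(hits, key=lambda kn: (-kn[1], kn[0]))

if __name__ == "__main__":
    for level in (2, 3):
        print(level, suspects(SAMPLE, level, min_unique=2))
```

Raising `level` narrows the view from the registered domain to a specific sub-zone, which is how the same capture can point at `example.com` at level 2 and at `cdn.example.com` at level 3.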

Provides a function for importing the NXDomain list into Infoblox Trinzic or BIND RPZ’s blacklist.

Importing the NXDomain list into Infoblox Trinzic

The momentum DNS viewer provides a function to export the blacklist into Infoblox Trinzic or BIND RPZ’s blacklist.

Provides a function for integration with Infoblox Advanced DNS Protection.

The momentum DNS viewer provides a function that exports the blacklist into Infoblox Advanced DNS Protection and sets the “Rate limit” and “QPS traffic” for Infoblox Advanced DNS Protection.


Integrated with Infoblox Advanced DNS Protection

Supports historical trends of DNS traffic with one-second granularity.

The momentum DNS viewer is capable of showing flow statistics at intervals as short as one second. This data is accessible from the DNS viewer’s hours report.