TA-Respwnder

Splunk App To Detect LLMNR Poisoning Attacks This app can be deployed to Universal Forwarders to create a distributed detection network against LLMNR poisoning. You can and should disable LLMNR and similar mechnisms in your entire environment. Even with LLMNR disabled you can still make use of this app to mimic the active protocol in your network. The script has 2 functions: * Broadcast LLMNR requests for non-existing hostnames. These can be generated randomly or manually specified. * Optionally, if requests receive suspicious responses it's possible to authenticate against the attacker machine. This can be used to either give the attacker some busy work or you can later on track where they used the creds to login and therefore track the attacker within your network.

Built by Regular Obsession

Last Updated

April 9, 2024

Compatibility

This app has no available versions

Rating

0

(0)

Log in to rate this app

Support

Developer Supported addon

Learn more

Splunk App To Detect LLMNR Poisoning Attacks This app can be deployed to Universal Forwarders to create a distributed detection network against LLMNR poisoning. You can and should disable LLMNR and similar mechnisms in your entire environment. Even with LLMNR disabled you can still make use of this app to mimic the active protocol in your network. The script has 2 functions: * Broadcast LLMNR requests for non-existing hostnames. These can be generated randomly or manually specified. * Optionally, if requests receive suspicious responses it's possible to authenticate against the attacker machine. This can be used to either give the attacker some busy work or you can later on track where they used the creds to login and therefore track the attacker within your network.