Task 2.2: Network mapping reconnaissance (DNS)

This reconnaissance is used by attackers to map your network structure and target interesting computers for later steps in their attack.

The DNS protocol has several query types. This Defender for Identity security alert detects suspicious requests: either AXFR (zone transfer) requests originating from non-DNS servers, or an excessive number of requests.

  1. In the Command window on WIN5, run each of the following commands:

    Nslookup

    Server DC01.MSMDI.local

    ls -d MSMDI.local

    exit

  2. Leave the Command window open.

To generate the alert again, perform the action from a different user or with a different command.

For more information, review Network-mapping reconnaissance (DNS).
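The two conditions the alert description names (an AXFR request from a host that is not a DNS server, and an excessive number of requests) can be expressed as simple rules over a DNS query log. The following is an added example, not Defender for Identity's own logic or code from this lab; the log format, IP addresses, allowlist and thresholds are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: ISO timestamp, client IP, query type, query name.
# Every address here is made up; 10.0.0.11 plays a legitimate secondary DNS server.
SAMPLE_LOG = """\
2024-01-01T10:00:00 10.0.0.5 A dc01.msmdi.local
2024-01-01T10:00:02 10.0.0.20 AXFR msmdi.local
2024-01-01T10:00:03 10.0.0.11 AXFR msmdi.local
2024-01-01T10:00:10 10.0.0.30 A host1.msmdi.local
2024-01-01T10:00:11 10.0.0.30 A host2.msmdi.local
2024-01-01T10:00:12 10.0.0.30 A host3.msmdi.local
2024-01-01T10:00:13 10.0.0.30 A host4.msmdi.local
2024-01-01T10:00:14 10.0.0.30 A host5.msmdi.local
"""
DNS_SERVERS = {"10.0.0.11"}      # assumption: hosts allowed to request zone transfers
MAX_QUERIES = 4                  # assumption: queries tolerated per client per window
WINDOW = timedelta(seconds=60)   # assumption: sliding-window length


def parse(log):
    """Yield (time, client, qtype, qname) tuples, skipping malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 4:
            ts, src, qtype, qname = parts
            yield datetime.fromisoformat(ts), src, qtype.upper(), qname.lower()


def detect(log, dns_servers=DNS_SERVERS, max_queries=MAX_QUERIES, window=WINDOW):
    """Return alerts as (kind, client, detail) in time order."""
    alerts, seen, flagged = [], defaultdict(deque), set()
    for ts, src, qtype, qname in sorted(parse(log)):
        # Rule 1: a zone transfer requested by a host that is not a DNS server.
        if qtype == "AXFR" and src not in dns_servers:
            alerts.append(("axfr_from_non_dns_server", src, qname))
        # Rule 2: too many queries from one client inside the sliding window.
        times = seen[src]
        times.append(ts)
        while ts - times[0] > window:
            times.popleft()
        if len(times) > max_queries and src not in flagged:
            flagged.add(src)  # report each noisy client once
            alerts.append(("excessive_queries", src, len(times)))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The allowlist is what keeps the legitimate secondary server's transfer from alerting, so it has to track the zone's actual transfer partners.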