Network-Based Indicators (Part 1) (Domain 2)
The network is often where the first signs of an attack emerge, provided you know what to look for. In this episode, we examine key indicators of network-based threats, starting with Distributed Denial-of-Service (DDoS) attacks and how to distinguish a legitimate traffic surge (a product launch, a news event) from a malicious flood (traffic from many sources that share no plausible business reason, malformed or half-open connections, requests that never complete). We also explore DNS-related anomalies: poisoned caches and unexpected redirects that point to spoofing, and abnormal query patterns, such as long, high-entropy subdomains, heavy TXT or NULL record traffic, and large numbers of unique names under one zone, that suggest DNS tunneling. These issues can disrupt business continuity or serve as covert channels for data exfiltration and command-and-control (C2) traffic, because DNS is almost always allowed outbound and rarely inspected. Early warning signs include unusual spikes in outbound requests, inconsistent latency, and unexpected open ports or services suddenly becoming active. We discuss how flow data (NetFlow, IPFIX, sFlow), intrusion detection systems, and anomaly-based alerting built on a traffic baseline can help catch subtle indicators before they escalate. A single packet rarely tells a story, but patterns of network behavior do, and understanding these signals is key to proactive defense.
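To make the DNS tunneling indicators above concrete, here is an added example (not code from the episode or its publisher) that scores DNS query logs per registered domain on four signals: number of unique names, mean length and mean Shannon entropy of the leftmost label, and the share of record types tunnels favour for bulk data. The log format, the sample lines and every threshold are assumptions constructed for the illustration; the zone grouping is the naive last-two-labels heuristic, which a real deployment would replace with the Public Suffix List.

```python
"""Flag DNS query patterns that suggest tunneling or data exfiltration.

Added illustration for the indicators discussed in this episode; not the
episode's own code. Log format and thresholds are assumptions.
"""
import math
from collections import defaultdict

# Constructed sample log (not real traffic), one query per line:
# "<epoch> <client_ip> <qtype> <qname>"
SAMPLE_LOG = """\
1700000000 10.0.0.5 A www.example.com
1700000001 10.0.0.5 A cdn.example.com
1700000002 10.0.0.5 AAAA www.example.com
1700000003 10.0.0.7 TXT kq7xz2mn9pwd4ljv3tgb.t1.bad-tunnel.net
1700000004 10.0.0.7 TXT a8rf5yce1hs6uio0nkzq.t1.bad-tunnel.net
1700000005 10.0.0.7 TXT p3vt9bxm2wdg7lqk4zjn.t1.bad-tunnel.net
1700000006 10.0.0.7 TXT x5hc1arf8eys6oui0ztk.t1.bad-tunnel.net
1700000007 10.0.0.7 TXT m2qn7wpb4gkx9vdl3jtz.t1.bad-tunnel.net
1700000008 10.0.0.7 TXT e6fs0ycr5hai1ouk8nzq.t1.bad-tunnel.net
1700000009 10.0.0.5 A mail.example.com
"""

# Assumed thresholds; tune them against your own baseline traffic.
MIN_UNIQUE_SUBDOMAINS = 5      # many distinct names under one zone
MIN_MEAN_LABEL_LEN = 15        # long leftmost labels carry encoded payload
MIN_MEAN_ENTROPY = 3.0         # bits per character; random-looking labels
MIN_BULK_QTYPE_RATIO = 0.5     # record types favoured for downstream data
BULK_QTYPES = {"TXT", "NULL", "CNAME"}
MIN_INDICATORS = 2             # flag a zone when this many indicators fire


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for an empty string)."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registered_domain(qname: str) -> str:
    """Naive zone grouping: the last two labels. A real deployment should use
    the Public Suffix List so 'host.example.co.uk' is not grouped as 'co.uk'."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def parse_dns_log(text: str):
    """Parse the constructed log format into (ts, client, qtype, qname) tuples."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than abort the analysis
        ts, client, qtype, qname = parts
        records.append((int(ts), client, qtype.upper(), qname.lower()))
    return records


def score_zones(records):
    """Aggregate queries per registered domain and count tunneling indicators."""
    per_zone = defaultdict(lambda: {"qnames": set(), "labels": [], "bulk": 0, "total": 0})
    for _ts, _client, qtype, qname in records:
        z = per_zone[registered_domain(qname)]
        z["qnames"].add(qname)
        z["labels"].append(qname.split(".")[0])  # leftmost label usually carries payload
        z["total"] += 1
        if qtype in BULK_QTYPES:
            z["bulk"] += 1

    results = {}
    for zone, z in per_zone.items():
        n = len(z["labels"])
        mean_len = sum(len(lab) for lab in z["labels"]) / n
        mean_ent = sum(shannon_entropy(lab) for lab in z["labels"]) / n
        bulk_ratio = z["bulk"] / z["total"]
        indicators = [
            len(z["qnames"]) >= MIN_UNIQUE_SUBDOMAINS,
            mean_len >= MIN_MEAN_LABEL_LEN,
            mean_ent >= MIN_MEAN_ENTROPY,
            bulk_ratio >= MIN_BULK_QTYPE_RATIO,
        ]
        results[zone] = {
            "unique_qnames": len(z["qnames"]),
            "mean_label_len": round(mean_len, 2),
            "mean_entropy": round(mean_ent, 2),
            "bulk_qtype_ratio": round(bulk_ratio, 2),
            "indicators": sum(indicators),
            "suspicious": sum(indicators) >= MIN_INDICATORS,
        }
    return results


if __name__ == "__main__":
    for zone, r in score_zones(parse_dns_log(SAMPLE_LOG)).items():
        print(f"{zone:20} {'SUSPICIOUS' if r['suspicious'] else 'ok':10} {r}")
```

Requiring two independent indicators before alerting is deliberate: CDNs and some security products legitimately generate long or high-entropy labels, and TXT lookups are normal for SPF and DKIM, so any one signal alone is noisy. Run the same scoring over a few days of resolver logs to establish what "normal" looks like before trusting the thresholds.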
