DNS Method: Pros and Cons

Pros:
- Can work across multiple networks
- Names of machines are very telling and as such, many malicious sniffers will do the reverse lookups
- Does not saturate the local network
- High reliability – minimal false positives

Cons:
- Sniffing systems do not have to perform reverse lookups
- Sniffing systems can do batch reverse lookups later on – this defeats method 1 but not method 2
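
The check behind these points, as an added example that is not code from the original page: it scans a resolver query log for reverse (PTR) lookups of decoy addresses and records how long after the bait traffic each lookup arrived, so a delayed batch lookup is still attributed to a host. It assumes the DNS method uses unused decoy addresses seen only in bait traffic; the log format, addresses, timestamps and the `live_window_s` parameter are all constructed for illustration.

```python
import ipaddress
from datetime import datetime

# Constructed decoys: unused addresses (TEST-NET-1) mapped to when bait traffic was sent.
DECOYS = {"192.0.2.77": "2024-05-01T10:00:00", "192.0.2.78": "2024-05-01T10:00:00"}

# Constructed resolver query log: "<timestamp> <client-ip> <qtype> <qname>"
SAMPLE_LOG = """\
2024-05-01T10:00:02 10.0.0.15 PTR 77.2.0.192.in-addr.arpa.
2024-05-01T10:00:03 10.0.0.20 A www.example.com.
2024-05-01T10:00:04 10.0.0.21 PTR 9.0.0.10.in-addr.arpa.
2024-05-01T23:30:00 10.0.0.42 PTR 78.2.0.192.in-addr.arpa.
malformed line
"""

def ptr_to_ip(qname):
    """Return the IPv4 address encoded in an in-addr.arpa name, or None."""
    name = qname.rstrip(".").lower()
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        return None
    labels = name[: -len(suffix)].split(".")
    if len(labels) != 4:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(labels))))
    except ValueError:
        return None

def find_decoy_lookups(log_text, decoys, live_window_s=60):
    """List (client, decoy, delay_seconds, seen_live) for PTR queries on decoys."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[2].upper() != "PTR":
            continue  # skip malformed lines and non-reverse lookups
        ts, client, _, qname = parts
        ip = ptr_to_ip(qname)
        if ip not in decoys:
            continue  # ordinary reverse lookup, not a decoy address
        sent = datetime.fromisoformat(decoys[ip])
        delay = (datetime.fromisoformat(ts) - sent).total_seconds()
        # seen_live is False for lookups a short live watch would have missed.
        hits.append((client, ip, int(delay), 0 <= delay <= live_window_s))
    return hits

if __name__ == "__main__":
    for hit in find_decoy_lookups(SAMPLE_LOG, DECOYS):
        print(hit)
```

The second hit arrives 13.5 hours after the bait traffic, which is why the query log has to be retained and re-scanned rather than watched only while the test runs.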